This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] ldd: never run file directly
On Aug 16 2017, Florian Weimer <fweimer@redhat.com> wrote:
> Thanks. What about this NEWS entry for it?
>
> + CVE-2009-5064: The ldd script would sometimes run the program under
> + examination directly, without preventing code execution through the
> + dynamic linker. (The glibc project disputes that this is a security
> + vulnerability; only trusted binaries must be examined using the ldd
> + script.)
Looks ok.
Andreas.
--
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."