This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug dynamic-link/14370] ld.so crashes on mismatched TLS/non-TLS symbols

From: "bugdal at aerifal dot cx" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sources dot redhat dot com
Date: Tue, 04 Sep 2012 23:26:07 +0000
Subject: [Bug dynamic-link/14370] ld.so crashes on mismatched TLS/non-TLS symbols
Auto-submitted: auto-generated
References: <bug-14370-131@http.sourceware.org/bugzilla/>

http://sourceware.org/bugzilla/show_bug.cgi?id=14370

--- Comment #21 from Rich Felker <bugdal at aerifal dot cx> 2012-09-04 23:26:07 UTC ---
Malformed DSOs are not a potential attack vector for security breach because
you must already 100% trust a DSO before you can load it. A malicious DSO can
run arbitrary code in its constructors before dlopen returns; there is no way
around this. There should be a number of other attack vectors related to
invalid pointers in the various tables used for relocations and symbol
resolution.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]