This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug dynamic-link/14370] ld.so crashes on mismatched TLS/non-TLS symbols
- From: "bugdal at aerifal dot cx" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Tue, 04 Sep 2012 23:26:07 +0000
- Subject: [Bug dynamic-link/14370] ld.so crashes on mismatched TLS/non-TLS symbols
- Auto-submitted: auto-generated
- References: <bug-14370-131@http.sourceware.org/bugzilla/>
http://sourceware.org/bugzilla/show_bug.cgi?id=14370
--- Comment #21 from Rich Felker <bugdal at aerifal dot cx> 2012-09-04 23:26:07 UTC ---
Malformed DSOs are not a potential attack vector for security breach because
you must already 100% trust a DSO before you can load it. A malicious DSO can
run arbitrary code in its constructors before dlopen returns; there is no way
around this. There should be a number of other attack vectors related to
invalid pointers in the various tables used for relocations and symbol
resolution.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.