This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.
GNU C Library master sources branch release/2.26/master updated. glibc-2.26-15-g6043d77
- From: fw at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 28 Aug 2017 17:52:55 -0000
- Subject: GNU C Library master sources branch release/2.26/master updated. glibc-2.26-15-g6043d77
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, release/2.26/master has been updated
via 6043d77a47de297b62084c1c261cdada082bf09c (commit)
from 77db8772bd3f6f2bbad697dcf46861ce310f5b95 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6043d77a47de297b62084c1c261cdada082bf09c
commit 6043d77a47de297b62084c1c261cdada082bf09c
Author: Andreas Schwab <schwab@suse.de>
Date: Mon Aug 28 19:49:18 2017 +0200
ldd: never run file directly
(cherry picked from commit eedca9772e99c72ab4c3c34e43cc764250aa3e3c)
diff --git a/ChangeLog b/ChangeLog
index ad05da8..fa27c6f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2017-08-16 Andreas Schwab <schwab@suse.de>
+
+ [BZ #16750]
+ CVE-2009-5064
+ * elf/ldd.bash.in: Never run file directly.
+
2017-08-10 Florian Weimer <fweimer@redhat.com>
* inet/net-internal.h (__inet6_scopeid_pton): Remove
diff --git a/NEWS b/NEWS
index 0534c52..756e849 100644
--- a/NEWS
+++ b/NEWS
@@ -7,8 +7,17 @@ using `glibc' in the "product" field.
Version 2.26.1
+Security related changes:
+
+ CVE-2009-5064: The ldd script would sometimes run the program under
+ examination directly, without preventing code execution through the
+ dynamic linker. (The glibc project disputes that this is a security
+ vulnerability; only trusted binaries must be examined using the ldd
+ script.)
+
The following bugs are resolved with this release:
+ [16750] ldd: Never run file directly.
[21242] assert: Suppress pedantic warning caused by statement expression
[21780] posix: Set p{read,write}v2 to return ENOTSUP
[21871] x86-64: Use _dl_runtime_resolve_opt only with AVX512F
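Review bot: the wording "without preventing code execution through the dynamic linker" in the CVE-2009-5064 paragraph can be read two ways: either the dynamic linker is the route by which code runs, or it is the mechanism that would have prevented it. Since the script change in this same patch makes every trace go through "$RTLD", phrasing such as "directly, rather than passing it to the dynamic linker" would state which of the two is meant. The parenthetical on trusted binaries is the operative guidance for users and could stand as its own sentence so it is not missed.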
diff --git a/elf/ldd.bash.in b/elf/ldd.bash.in
index 7dd1fcc..686785e 100644
--- a/elf/ldd.bash.in
+++ b/elf/ldd.bash.in
@@ -164,18 +164,6 @@ warning: you do not have execution permission for" "\`$file'" >&2
fi
done
case $ret in
- 0)
- # If the program exits with exit code 5, it means the process has been
- # invoked with __libc_enable_secure. Fall back to running it through
- # the dynamic linker.
- try_trace "$file"
- rc=$?
- if [ $rc = 5 ]; then
- try_trace "$RTLD" "$file"
- rc=$?
- fi
- [ $rc = 0 ] || result=1
- ;;
1)
# This can be a non-ELF binary or no binary at all.
nonelf "$file" || {
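Review bot: no regression test accompanies the removal of the `0)` arm, so nothing stops a later change from reintroducing `try_trace "$file"`; the diffstat for this commit lists only ChangeLog, NEWS and elf/ldd.bash.in. A test that checks ldd only ever hands the examined file to "$RTLD" would lock the behaviour in. Also note that the deleted comment was the only explanation in this block of the exit code 5 and `__libc_enable_secure` case; if that case is still relevant to the remaining `try_trace "$RTLD" "$file"` path, a one-line remark should survive somewhere.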
@@ -183,7 +171,7 @@ warning: you do not have execution permission for" "\`$file'" >&2
result=1
}
;;
- 2)
+ 0|2)
try_trace "$RTLD" "$file" || result=1
;;
*)
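Review bot: the merged `0|2)` arm carries no comment saying what the two `$ret` values mean or why both now go through "$RTLD", whereas the neighbouring `1)` arm is documented. A short comment above `try_trace "$RTLD" "$file" || result=1` stating that the file is never executed directly, with a pointer to BZ #16750, would tell the next editor why the arms must not be split again.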
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 6 ++++++
NEWS | 9 +++++++++
elf/ldd.bash.in | 14 +-------------
3 files changed, 16 insertions(+), 13 deletions(-)
hooks/post-receive
--
GNU C Library master sources