This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

What about LD_DEBUG?


Sorry for prematurely sending this email last time.


Security advisories warn about a LD_DEBUG-related vulnerability in
glibc:

http://www.securitytracker.com/alerts/2004/Aug/1010975.html

Gentoo claims to have a fix:

http://www.gentoo.org/cgi-bin/viewcvs.cgi/sys-libs/glibc/files/glibc-
sec-hotfix-20040804.patch?rev=1.2

Not everybody agrees it's the right solution, though:

http://sources.redhat.com/ml/libc-hacker/2004-08/msg00059.html

Could some glibc developer take a position on this issue? Can you
acknowledge that there is a bug? Is the Gentoo solution correct? If not,
when will the problem be fixed within glibc itself?

-- 
+----------------------------------------------------------------------+
| Paweł Sakowski <pawel@sakowski.eu.org>            Never trust a man  |
|                            who can count up to 1023 on his fingers.  |
+----------------------------------------------------------------------+



Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]