diff options
| author | Florian Weimer <fweimer@redhat.com> | 2017-06-19 17:09:55 +0200 |
|---|---|---|
| committer | Florian Weimer <fweimer@redhat.com> | 2017-06-19 18:27:30 +0200 |
| commit | f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d (patch) | |
| tree | 16ff41bf5ff4ad2e55eb28b4b7058c6a2784e6fb | |
| parent | b08a6a0dea63742313ed3d9577c1e2d83436b196 (diff) | |
| download | glibc-f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d.tar.gz glibc-f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d.tar.xz glibc-f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d.zip | |
CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1 programs [BZ #21624]
LD_LIBRARY_PATH can only be used to reorder system search paths, which is not useful functionality. This makes an exploitable unbounded alloca in _dl_init_paths unreachable for AT_SECURE=1 programs.
| -rw-r--r-- | ChangeLog | 7 | ||||
| -rw-r--r-- | elf/rtld.c | 3 |
2 files changed, 9 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog index 90439b874c..3b61f167d2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2017-06-19 Florian Weimer <fweimer@redhat.com> + + [BZ #21624] + CVE-2017-1000366 + * elf/rtld.c (process_envvars): Ignore LD_LIBRARY_PATH for + __libc_enable_secure. + 2017-06-19 Stefan Liebler <stli@linux.vnet.ibm.com> [BZ #21539] diff --git a/elf/rtld.c b/elf/rtld.c index 2446a87680..2269dbec81 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -2422,7 +2422,8 @@ process_envvars (enum mode *modep) case 12: /* The library search path. */ - if (memcmp (envline, "LIBRARY_PATH", 12) == 0) + if (!__libc_enable_secure + && memcmp (envline, "LIBRARY_PATH", 12) == 0) { library_path = &envline[13]; break; |