rtld: Check __libc_enable_secure before honoring LD_PREFER_MAP_32BIT_EXEC (CVE-2019-19126) [BZ #25204]

The problem was introduced in glibc 2.23, in commit b9eb92ab05204df772eb4929eccd018637c9f3e9 ("Add Prefer_MAP_32BIT_EXEC to map executable pages with MAP_32BIT").
author: Marcin Kościelnicki <mwk@0x04.net> 2019-11-21 00:20:15 +0100
committer: Florian Weimer <fweimer@redhat.com> 2019-11-21 12:56:44 +0100
commit: d5dfad4326fc683c813df1e37bbf5cf920591c8e (patch)
tree: caf191d9e8e3dc6f42b0b5e2a04370ecc2858198 /NEWS
parent: 2a764c6ee848dfe92cb2921ed3b14085f15d9e79 (diff)
download: glibc-d5dfad4326fc683c813df1e37bbf5cf920591c8e.tar.gz
glibc-d5dfad4326fc683c813df1e37bbf5cf920591c8e.tar.xz
glibc-d5dfad4326fc683c813df1e37bbf5cf920591c8e.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 50479f17c9..df03f4dc48 100644
--- a/NEWS
+++ b/NEWS
@@ -86,7 +86,11 @@ Changes to build and runtime requirements:
 
 Security related changes:
 
-  [Add security related changes here]
+  CVE-2019-19126: ld.so failed to ignore the LD_PREFER_MAP_32BIT_EXEC
+  environment variable during program execution after a security
+  transition, allowing local attackers to restrict the possible mapping
+  addresses for loaded libraries and thus bypass ASLR for a setuid
+  program.  Reported by Marcin Kościelnicki.
 
 The following bugs are resolved with this release:
author	Marcin Kościelnicki <mwk@0x04.net>	2019-11-21 00:20:15 +0100
committer	Florian Weimer <fweimer@redhat.com>	2019-11-21 12:56:44 +0100
commit	d5dfad4326fc683c813df1e37bbf5cf920591c8e (patch)
tree	caf191d9e8e3dc6f42b0b5e2a04370ecc2858198 /NEWS
parent	2a764c6ee848dfe92cb2921ed3b14085f15d9e79 (diff)
download	glibc-d5dfad4326fc683c813df1e37bbf5cf920591c8e.tar.gz glibc-d5dfad4326fc683c813df1e37bbf5cf920591c8e.tar.xz glibc-d5dfad4326fc683c813df1e37bbf5cf920591c8e.zip