diff options
author | Florian Weimer <fweimer@redhat.com> | 2017-06-19 17:09:55 +0200 |
---|---|---|
committer | Florian Weimer <fweimer@redhat.com> | 2017-06-19 18:27:30 +0200 |
commit | f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d (patch) | |
tree | 16ff41bf5ff4ad2e55eb28b4b7058c6a2784e6fb /elf/rtld.c | |
parent | b08a6a0dea63742313ed3d9577c1e2d83436b196 (diff) | |
download | glibc-f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d.tar.gz glibc-f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d.tar.xz glibc-f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d.zip |
CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1 programs [BZ #21624]
LD_LIBRARY_PATH can only be used to reorder system search paths, which is not useful functionality. This makes an exploitable unbounded alloca in _dl_init_paths unreachable for AT_SECURE=1 programs.
Diffstat (limited to 'elf/rtld.c')
-rw-r--r-- | elf/rtld.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/elf/rtld.c b/elf/rtld.c index 2446a87680..2269dbec81 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -2422,7 +2422,8 @@ process_envvars (enum mode *modep) case 12: /* The library search path. */ - if (memcmp (envline, "LIBRARY_PATH", 12) == 0) + if (!__libc_enable_secure + && memcmp (envline, "LIBRARY_PATH", 12) == 0) { library_path = &envline[13]; break; |