Message ID | 20170619153832.8DC2F402AEC3C@oldenburg.str.redhat.com |
---|---|
State | New |
Headers | show |
On Mon, Jun 19, 2017 at 05:38:32PM +0200, Florian Weimer wrote: > LD_LIBRARY_PATH can only be used to reorder system search paths, which > is not useful functionality. > > This makes an exploitable unbounded alloca in _dl_init_paths unreachable > for AT_SECURE=1 programs. > > 2017-06-19 Florian Weimer <fweimer@redhat.com> > > [BZ #21624] > CVE-2017-1000366 > * elf/rtld.c (process_envvars): Ignore LD_LIBRARY_PATH for > __libc_enable_secure. This is fine, please apply.
diff --git a/elf/rtld.c b/elf/rtld.c index 2446a87..2269dbe 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -2422,7 +2422,8 @@ process_envvars (enum mode *modep) case 12: /* The library search path. */ - if (memcmp (envline, "LIBRARY_PATH", 12) == 0) + if (!__libc_enable_secure + && memcmp (envline, "LIBRARY_PATH", 12) == 0) { library_path = &envline[13]; break;