GNU bug report logs -
#27429
Stack clash (CVE-2017-1000366 etc)
Previous Next
Reported by: Leo Famulari <leo <at> famulari.name>
Date: Mon, 19 Jun 2017 22:27:01 UTC
Severity: serious
Done: Leo Famulari <leo <at> famulari.name>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
[Message part 1 (text/plain, inline)]
On the glibc bugs (CVE-2016-1000366), civodul said:
[21:02:26] <civodul> lfam: i *think* GuixSD is immune to the LD_LIBRARY_PATH one, FWIW
[...]
[21:02:43] <civodul> lfam: because of the way is_trusted_path works in glibc
https://gnunet.org/bot/log/guix/2017-06-19#T1422600
Relevant upstream commits:
CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1 programs [BZ #21624]
https://sourceware.org/git/?p=glibc.git;a=commit;h=f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d
ld.so: Reject overly long LD_PRELOAD path elements
https://sourceware.org/git/?p=glibc.git;a=commit;h=6d0ba622891bed9d8394eef1935add53003b12e8
ld.so: Reject overly long LD_AUDIT path elements:
https://sourceware.org/git/?p=glibc.git;a=commit;h=81b82fb966ffbd94353f793ad17116c6088dedd9
[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 7 years and 309 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.