GNU bug report logs -
#63063
CVE-2021-36699 report
Previous Next
Full log
View this message in rfc822 format
> From: Po Lu <luangruo <at> yahoo.com>
> Cc: fuo <at> fuo.fi, 63063 <at> debbugs.gnu.org
> Date: Tue, 25 Apr 2023 20:59:16 +0800
>
> Eli Zaretskii <eliz <at> gnu.org> writes:
>
> > The pdumper file is data, not code. It is loaded into the data
> > segment. And executable code segments are usually write-protected.
>
> Only some kinds of CPU make the distinction between executable and
> readable pages.
I think this depends on the OS, not only the CPU?
> > I don't think this is relevant. But based on what the code does, I
> > don't see why this should be considered a security issue.
>
> It's not, indeed.
>
> The glaringly obvious reason being that only the site administrator, or
> the user himself, can replace the dump file with something else.
I'm not sure I agree (there's the symlink attack, for example), but I
don't think it changes the nature of the issue.
This bug report was last modified 2 years and 56 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.