Commit f6110a8f authored Jun 19, 2017 by Florian Weimer

CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1 programs [BZ #21624]

LD_LIBRARY_PATH can only be used to reorder system search paths, which
is not useful functionality.

This makes an exploitable unbounded alloca in _dl_init_paths unreachable
for AT_SECURE=1 programs.

parent b08a6a0d

Show whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit 87bd4186
· Aug 18, 2019

mentioned in commit 87bd4186

mentioned in commit 87bd4186da10371f46e2f1a7bf7c0a45bb04f1ac

Toggle commit list
mirror @mirror
mentioned in commit 3c7cd212
· Aug 18, 2019

mentioned in commit 3c7cd212

mentioned in commit 3c7cd21290cabdadd72984fb69bc51e64ff1002d

Toggle commit list
mirror @mirror
mentioned in commit ed739093
· Aug 18, 2019

mentioned in commit ed739093

mentioned in commit ed739093d19855c71b3f38bfed7d318340b22612

Toggle commit list
mirror @mirror
mentioned in commit efa26d9c
· Aug 18, 2019

mentioned in commit efa26d9c

mentioned in commit efa26d9c13a6fabd34a05139e1d8b2e441b2fae9

Toggle commit list

Please register or to comment