pro-actively disable LD_AUDIT for setuid binaries, regardless of where the libraries are loaded from. This is to try to make sure that
CVE-2010-3856 cannot sneak back in. Upstream is unlikely to take this,
since it limits the functionality of LD_AUDIT.

Gbp-Pq: Topic ubuntu
Gbp-Pq: Name local-disable-ld_audit.diff
Kees Cook 2022-05-13 23:32:11 +08:00 committed by openKylinBot
parent 9c2d95a0e9
commit 22ba7cee9c
1 changed files with 1 additions and 1 deletions

@ -2504,7 +2504,7 @@ process_dl_audit (char *str)
char *p;
while ((p = (strsep) (&str, ":")) != NULL)
if (dso_name_valid_for_suid (p))
if (! __glibc_unlikely (__libc_enable_secure) && dso_name_valid_for_suid (p))
{
/* This is using the local malloc, not the system malloc. The
memory can never be freed. */
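
Review bot: the changed `if` inside the `strsep` loop needs a comment, because `dso_name_valid_for_suid (p)` is now only reached when `__libc_enable_secure` is false, which looks contradictory to anyone who has not read the commit message. A short comment above the condition, saying that LD_AUDIT is ignored entirely in secure mode as hardening against a return of CVE-2010-3856, would record the intent next to the code. Since `__libc_enable_secure` does not depend on `p`, the test could also be an early exit placed before the `while` loop, which avoids re-evaluating it for every entry and makes the policy visible at the top of `process_dl_audit`. On style, `! __glibc_unlikely (__libc_enable_secure)` puts the negation outside the branch hint; `__glibc_likely (!__libc_enable_secure)` or a plain `!__libc_enable_secure` reads more directly.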