665d6a5916
* gnu/packages/base.scm (glibc/linux)[replacement]: New field. (glibc-2.25-patched): New variable. (glibc-2.24, glibc-2.23, glibc-2.22, glibc-2.21)[source]: Add patches. [replacement]: New field. (glibc-locales)[replacement]: New field. * gnu/packages/patches/glibc-CVE-2017-1000366-pt1.patch, gnu/packages/patches/glibc-CVE-2017-1000366-pt2.patch, gnu/packages/patches/glibc-CVE-2017-1000366-pt3.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. Modified-By: Mark H Weaver <mhw@netris.org>
37 lines
1 KiB
Diff
37 lines
1 KiB
Diff
From f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d Mon Sep 17 00:00:00 2001
|
|
From: Florian Weimer <fweimer@redhat.com>
|
|
Date: Mon, 19 Jun 2017 17:09:55 +0200
|
|
Subject: [PATCH] CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1
|
|
programs [BZ #21624]
|
|
|
|
LD_LIBRARY_PATH can only be used to reorder system search paths, which
|
|
is not useful functionality.
|
|
|
|
This makes an exploitable unbounded alloca in _dl_init_paths unreachable
|
|
for AT_SECURE=1 programs.
|
|
|
|
patch from:
|
|
https://sourceware.org/git/?p=glibc.git;a=commit;h=f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d
|
|
---
|
|
ChangeLog | 7 +++++++
|
|
elf/rtld.c | 3 ++-
|
|
2 files changed, 9 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/elf/rtld.c b/elf/rtld.c
|
|
index 2446a87..2269dbe 100644
|
|
--- a/elf/rtld.c
|
|
+++ b/elf/rtld.c
|
|
@@ -2422,7 +2422,8 @@ process_envvars (enum mode *modep)
|
|
|
|
case 12:
|
|
/* The library search path. */
|
|
- if (memcmp (envline, "LIBRARY_PATH", 12) == 0)
|
|
+ if (!__libc_enable_secure
|
|
+ && memcmp (envline, "LIBRARY_PATH", 12) == 0)
|
|
{
|
|
library_path = &envline[13];
|
|
break;
|
|
--
|
|
2.9.3
|
|
|