public inbox for glibc-bugs@sourceware.org
From: "roland at gnu dot org" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sources.redhat.com
Subject: [Bug libc/11643] ldopen failing with relative path ($ORIGIN) when a capability is set
Date: Fri, 28 May 2010 18:30:00 -0000
Message-ID: <20100528182959.21965.qmail@sourceware.org>
In-Reply-To: <20100528162846.11643.bugeaud@gmail.com>

------- Additional Comments From roland at gnu dot org 2010-05-28 18:29 -------
This is not a bug. It's a security feature. $ORIGIN can be abused to load
different libraries into the process and effect a privilege escalation. So,
like LD_LIBRARY_PATH, it is disabled in a process that is setuid or similarly
privileged. The Linux kernel decides what constitutes "setuid-like" by setting
the AT_SECURE parameter at exec time. libc just follows that. If you want the
rules for that changed, take it up with the kernel people.

--
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID

http://sourceware.org/bugzilla/show_bug.cgi?id=11643
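
As an added illustration (not part of the original message, and not glibc or kernel code), this C program reads the AT_SECURE value the kernel passed to the current process and counts the $ORIGIN entries of a search path that the rule described in the message would disable. The helper names and the sample RPATH string are assumptions made for the example; it only counts entries and does not model the dynamic loader's path handling.

```c
/* Added example: helper names are hypothetical, sample RPATH is constructed. */
#include <elf.h>       /* AT_NULL, AT_SECURE */
#include <stdio.h>
#include <string.h>
#include <sys/auxv.h>  /* getauxval() */

/* Find `type` among (type, value) word pairs ending at AT_NULL (/proc/<pid>/auxv layout). */
int auxv_find(const unsigned long *av, size_t pairs, unsigned long type, unsigned long *val)
{
    for (size_t i = 0; i < pairs && av[2 * i] != AT_NULL; i++)
        if (av[2 * i] == type) { *val = av[2 * i + 1]; return 1; }
    return 0;
}

/* Do the first `len` bytes of `s` contain `tok`? */
static int span_has(const char *s, size_t len, const char *tok)
{
    for (size_t i = 0, t = strlen(tok); i + t <= len; i++)
        if (memcmp(s + i, tok, t) == 0) return 1;
    return 0;
}

/* Count colon-separated RPATH/RUNPATH entries that use $ORIGIN or ${ORIGIN}. */
int count_origin_entries(const char *path)
{
    for (int n = 0;;) {
        size_t len = strcspn(path, ":");
        n += span_has(path, len, "$ORIGIN") || span_has(path, len, "${ORIGIN}");
        if (path[len] == '\0') return n;
        path += len + 1;
    }
}

/* Entries no longer honoured under the rule in the message: AT_SECURE set => $ORIGIN disabled. */
int origin_entries_ignored(unsigned long at_secure, const char *rpath)
{
    return at_secure ? count_origin_entries(rpath) : 0;
}

int main(void)
{
    const char *rpath = "$ORIGIN/../lib:/usr/lib";  /* constructed sample */
    unsigned long av[128] = {0}, secure = 0, words = 0;
    FILE *f = fopen("/proc/self/auxv", "rb");
    if (f) { words = fread(av, sizeof av[0], 128, f); fclose(f); }
    auxv_find(av, words / 2, AT_SECURE, &secure);
    printf("AT_SECURE: auxv file=%lu getauxval=%lu\n", secure, getauxval(AT_SECURE));
    printf("%d $ORIGIN entries ignored in \"%s\"\n", origin_entries_ignored(secure, rpath), rpath);
}
```

Run as an ordinary user it reports AT_SECURE as 0; the same binary started setuid or with file capabilities set reports 1, which is the case the bug report ran into.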