From mboxrd@z Thu Jan  1 00:00:00 1970
Received: (qmail 23012 invoked by alias); 28 May 2010 22:11:43 -0000
Received: (qmail 22980 invoked by uid 48); 28 May 2010 22:11:34 -0000
Date: Fri, 28 May 2010 22:11:00 -0000
Message-ID: <20100528221134.22979.qmail@sourceware.org>
From: "bugeaud at gmail dot com"
To: glibc-bugs@sources.redhat.com
In-Reply-To: <20100528162846.11643.bugeaud@gmail.com>
References: <20100528162846.11643.bugeaud@gmail.com>
Reply-To: sourceware-bugzilla@sourceware.org
Subject: [Bug libc/11643] ldopen failing with relative path ($ORIGIN) when a capability is set
X-Bugzilla-Reason: CC
Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm
Precedence: bulk
Sender: glibc-bugs-owner@sourceware.org
X-SW-Source: 2010-05/txt/msg00127.txt.bz2

------- Additional Comments From bugeaud at gmail dot com  2010-05-28 22:11 -------
My understanding is that, when AT_SECURE is set, it is up to the glibc to
decide what to do with it, and as in the example given UID=EUID, there is no
superuser escalation possible. So $ORIGIN should be safe, as the only extra
feature granted on the process is set using the capabilities (file system
level granted by root) and no other capabilities can be added by the user.

In that context, this means that when AT_SECURE is set, glibc should perform
its own check.
Something like:
if EUID==UID then
  grantOriginEscaping
else
  forbidOriginEscaping

--
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |

http://sourceware.org/bugzilla/show_bug.cgi?id=11643

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.