public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug dynamic-link/16750] New: ldd should not try to execute the binaries
@ 2014-03-25 10:06 schwab@linux-m68k.org
2014-06-12 19:54 ` [Bug dynamic-link/16750] " fweimer at redhat dot com
0 siblings, 1 reply; 2+ messages in thread
From: schwab@linux-m68k.org @ 2014-03-25 10:06 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16750
Bug ID: 16750
Summary: ldd should not try to execute the binaries
Product: glibc
Version: 2.18
Status: NEW
Severity: normal
Priority: P2
Component: dynamic-link
Assignee: unassigned at sourceware dot org
Reporter: schwab@linux-m68k.org
Currently, if ld.so --verify indicates that the binary has an interpreter, ldd
tries to execute it directly (with the appropriate environment to request
listing dependent libraries). This can result in a random interpreter to be
executed on behalf of the user and is insecure. Instead, ldd should always use
the known good dynamic linker installed in the system to list the library
dependencies.
See <https://bugzilla.novell.com/show_bug.cgi?id=677787> for references.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 2+ messages in thread
* [Bug dynamic-link/16750] ldd should not try to execute the binaries
2014-03-25 10:06 [Bug dynamic-link/16750] New: ldd should not try to execute the binaries schwab@linux-m68k.org
@ 2014-06-12 19:54 ` fweimer at redhat dot com
0 siblings, 0 replies; 2+ messages in thread
From: fweimer at redhat dot com @ 2014-06-12 19:54 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16750
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fweimer at redhat dot com
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2014-06-12 19:54 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-03-25 10:06 [Bug dynamic-link/16750] New: ldd should not try to execute the binaries schwab@linux-m68k.org
2014-06-12 19:54 ` [Bug dynamic-link/16750] " fweimer at redhat dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).