From: "fweimer at redhat dot com"
To: glibc-bugs@sourceware.org
Subject: [Bug dynamic-link/18017] New: $ORIGIN in LD_AUDIT is not ignored for AT_SECURE programs (CVE-2010-3847)
Date: Tue, 24 Feb 2015 16:23:00 -0000

https://sourceware.org/bugzilla/show_bug.cgi?id=18017

            Bug ID: 18017
           Summary: $ORIGIN in LD_AUDIT is not ignored for AT_SECURE
                    programs (CVE-2010-3847)
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: dynamic-link
          Assignee: unassigned at sourceware dot org
          Reporter: fweimer at redhat dot com

Full details were posted to full-disclosure:

The key part:

“However, I have now discovered a way to exploit this. The origin expansion
mechanism is recycled for use in LD_AUDIT support, although an attempt is made
to prevent it from working, it is insufficient.

LD_AUDIT is intended for use with the linker auditing api (see the rtld-audit
manual), and has the usual restrictions for setuid programs as LD_PRELOAD does.
However, $ORIGIN expansion is only prevented if it is not used in isolation.”

-- 
You are receiving this mail because:
You are on the CC list for the bug.

From: "joseph at codesourcery dot com"
To: glibc-bugs@sourceware.org
Subject: [Bug libc/17252] getrandom and getentropy syscall
Date: Tue, 24 Feb 2015 16:27:00 -0000

https://sourceware.org/bugzilla/show_bug.cgi?id=17252

--- Comment #5 from joseph at codesourcery dot com ---
If you want progress on this, take a lead in the general discussion on
libc-alpha of when glibc should provide bindings to Linux
kernel syscalls, seeking to understand the differences of views expressed,
find common ground and drive the discussion to consensus. Once we have
agreed principles on bindings for syscalls, then we can consider which new
or old syscalls should have such bindings added under those principles.
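
Added example for the bug 18017 report above (not part of either message, and not glibc source): a simplified C model of the $ORIGIN decision for an LD_AUDIT entry, with the check as the quoted text describes it beside one that ignores the token whenever AT_SECURE is set. The function names and sample entries are assumptions made for illustration, and only the $ORIGIN decision is modelled, not the other secure-mode restrictions on LD_AUDIT.

```c
/* Added illustration: a simplified model of the policy, not glibc source. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/auxv.h> /* getauxval(), AT_SECURE */

/* True when the kernel flagged this process for secure execution
   (for example a setuid or setgid binary). */
bool process_is_secure(void) { return getauxval(AT_SECURE) != 0; }

/* True if the entry contains the token in either spelling. */
bool has_origin_token(const char *s) {
    return strstr(s, "$ORIGIN") != NULL || strstr(s, "${ORIGIN}") != NULL;
}

/* True if the entry is the token and nothing else ("used in isolation"). */
bool is_bare_origin(const char *s) {
    return strcmp(s, "$ORIGIN") == 0 || strcmp(s, "${ORIGIN}") == 0;
}

/* Check as the report describes it: in a secure process the token is
   refused only when it is part of a longer string. */
bool flawed_allows(const char *entry, bool secure) {
    if (!secure || !has_origin_token(entry))
        return true;
    return is_bare_origin(entry);
}

/* Check the bug summary asks for: any $ORIGIN is ignored under AT_SECURE. */
bool hardened_allows(const char *entry, bool secure) {
    return !secure || !has_origin_token(entry);
}

int main(void) {
    /* Constructed sample entries, evaluated as if AT_SECURE were set. */
    const char *samples[] = { "libaudit.so", "$ORIGIN/lib/a.so",
                              "$ORIGIN", "${ORIGIN}" };
    printf("AT_SECURE for this process: %d\n", process_is_secure());
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-18s flawed=%d hardened=%d\n", samples[i],
               flawed_allows(samples[i], true),
               hardened_allows(samples[i], true));
    return 0;
}
```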