* [Bug libc/23323] Recommendations for devs stuck with old glibc versions
@ 2023-11-30 9:49 amb
2023-11-30 11:58 ` Florian Weimer
0 siblings, 1 reply; 2+ messages in thread
From: amb @ 2023-11-30 9:49 UTC (permalink / raw)
To: libc-help
Hi,
I am forced to build against an old glibc version in order to run my
code on a large number of target linux systems. For developers like
me, what is the recommended way to mitigate the issue described in
https://sourceware.org/bugzilla/show_bug.cgi?id=23323 ?
If mitigation is not possible, should I be concerned about this as a
potential security issue for my application? I don't know if this
issue was ever assigned a CVE so I was not able to query its severity.
Is there a CVE for this?
Thanks
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [Bug libc/23323] Recommendations for devs stuck with old glibc versions
2023-11-30 9:49 [Bug libc/23323] Recommendations for devs stuck with old glibc versions amb
@ 2023-11-30 11:58 ` Florian Weimer
0 siblings, 0 replies; 2+ messages in thread
From: Florian Weimer @ 2023-11-30 11:58 UTC (permalink / raw)
To: amb via Libc-help; +Cc: amb
* amb via Libc-help:
> I am forced to build against an old glibc version in order to run my
> code on a large number of target linux systems. For developers like
> me, what is the recommended way to mitigate the issue described in
> https://sourceware.org/bugzilla/show_bug.cgi?id=23323 ?
It's just a missed hardening opportunity. Your binary will likely have
other gadgets in it anyway. Note that we have not treated it as a
security vulnerability.
If your main program does not use ELF constructors, you can use custom
startup files without the ELF constructor trampoline.
Thanks,
Florian
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-11-30 11:58 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-11-30 9:49 [Bug libc/23323] Recommendations for devs stuck with old glibc versions amb
2023-11-30 11:58 ` Florian Weimer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).