81 lines
2.4 KiB
Diff
81 lines
2.4 KiB
Diff
From 6043d77a47de297b62084c1c261cdada082bf09c Mon Sep 17 00:00:00 2001
|
||
From: Andreas Schwab <schwab@suse.de>
|
||
Date: Mon, 28 Aug 2017 19:49:18 +0200
|
||
Subject: [PATCH 15] ldd: never run file directly
|
||
|
||
(cherry picked from commit eedca9772e99c72ab4c3c34e43cc764250aa3e3c)
|
||
---
|
||
ChangeLog | 6 ++++++
|
||
NEWS | 9 +++++++++
|
||
elf/ldd.bash.in | 14 +-------------
|
||
3 files changed, 16 insertions(+), 13 deletions(-)
|
||
|
||
diff --git a/ChangeLog b/ChangeLog
|
||
index ad05da8ade..fa27c6f66f 100644
|
||
--- a/ChangeLog
|
||
+++ b/ChangeLog
|
||
@@ -1,3 +1,9 @@
|
||
+2017-08-16 Andreas Schwab <schwab@suse.de>
|
||
+
|
||
+ [BZ #16750]
|
||
+ CVE-2009-5064
|
||
+ * elf/ldd.bash.in: Never run file directly.
|
||
+
|
||
2017-08-10 Florian Weimer <fweimer@redhat.com>
|
||
|
||
* inet/net-internal.h (__inet6_scopeid_pton): Remove
|
||
diff --git a/NEWS b/NEWS
|
||
index 0534c5296e..756e849643 100644
|
||
--- a/NEWS
|
||
+++ b/NEWS
|
||
@@ -7,8 +7,17 @@ using `glibc' in the "product" field.
|
||
|
||
Version 2.26.1
|
||
|
||
+Security related changes:
|
||
+
|
||
+ CVE-2009-5064: The ldd script would sometimes run the program under
|
||
+ examination directly, without preventing code execution through the
|
||
+ dynamic linker. (The glibc project disputes that this is a security
|
||
+ vulnerability; only trusted binaries must be examined using the ldd
|
||
+ script.)
|
||
+
|
||
The following bugs are resolved with this release:
|
||
|
||
+ [16750] ldd: Never run file directly.
|
||
[21242] assert: Suppress pedantic warning caused by statement expression
|
||
[21780] posix: Set p{read,write}v2 to return ENOTSUP
|
||
[21871] x86-64: Use _dl_runtime_resolve_opt only with AVX512F
|
||
diff --git a/elf/ldd.bash.in b/elf/ldd.bash.in
|
||
index 7dd1fccf24..686785e235 100644
|
||
--- a/elf/ldd.bash.in
|
||
+++ b/elf/ldd.bash.in
|
||
@@ -164,18 +164,6 @@ warning: you do not have execution permission for" "\`$file'" >&2
|
||
fi
|
||
done
|
||
case $ret in
|
||
- 0)
|
||
- # If the program exits with exit code 5, it means the process has been
|
||
- # invoked with __libc_enable_secure. Fall back to running it through
|
||
- # the dynamic linker.
|
||
- try_trace "$file"
|
||
- rc=$?
|
||
- if [ $rc = 5 ]; then
|
||
- try_trace "$RTLD" "$file"
|
||
- rc=$?
|
||
- fi
|
||
- [ $rc = 0 ] || result=1
|
||
- ;;
|
||
1)
|
||
# This can be a non-ELF binary or no binary at all.
|
||
nonelf "$file" || {
|
||
@@ -183,7 +171,7 @@ warning: you do not have execution permission for" "\`$file'" >&2
|
||
result=1
|
||
}
|
||
;;
|
||
- 2)
|
||
+ 0|2)
|
||
try_trace "$RTLD" "$file" || result=1
|
||
;;
|
||
*)
|
||
|