Movatterモバイル変換

This is the mail archive of thelibc-alpha@sourceware.orgmailing list for theglibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] ldd: never run file directly

From: Andreas Schwab <schwab at suse dot de>
To: Florian Weimer <fweimer at redhat dot com>
Cc: GNU C Library <libc-alpha at sourceware dot org>
Date: Wed, 16 Aug 2017 16:46:08 +0200
Subject: Re: [PATCH] ldd: never run file directly
Authentication-results: sourceware.org; auth=none
References: <b7bba2c1-b089-ef59-25f6-784e3728dbe0@redhat.com><mvmfucrsiv3.fsf@suse.de><4dd5e3fd-2c89-2b6c-477c-b83ee8581f7a@redhat.com>

On Aug 16 2017, Florian Weimer <fweimer@redhat.com> wrote:> Thanks.  What about this NEWS entry for it?>> +  CVE-2009-5064: The ldd script would sometimes run the program under> +  examination directly, without preventing code execution through the> +  dynamic linker.  (The glibc project disputes that this is a security> +  vulnerability; only trusted binaries must be examined using the ldd> +  script.)Looks ok.Andreas.-- Andreas Schwab, SUSE Labs, schwab@suse.deGPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7"And now for something completely different."

References:
- [PATCH] ldd: never run file directly
  - From: Florian Weimer
- Re: [PATCH] ldd: never run file directly
  - From: Andreas Schwab
- Re: [PATCH] ldd: never run file directly
  - From: Florian Weimer

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]

[8]ページ先頭