From f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Mon, 19 Jun 2017 17:09:55 +0200 Subject: [PATCH] CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1 programs [BZ #21624] LD_LIBRARY_PATH can only be used to reorder system search paths, which is not useful functionality. This makes an exploitable unbounded alloca in _dl_init_paths unreachable for AT_SECURE=1 programs. [Peter: Drop ChangeLog modification] Signed-off-by: Peter Korsgaard --- elf/rtld.c | 3 ++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/elf/rtld.c b/elf/rtld.c index 2446a87680..2269dbec81 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -2422,7 +2422,8 @@ process_envvars (enum mode *modep) case 12: /* The library search path. */ - if (memcmp (envline, "LIBRARY_PATH", 12) == 0) + if (!__libc_enable_secure + && memcmp (envline, "LIBRARY_PATH", 12) == 0) { library_path = &envline[13]; break; -- 2.11.0