This is the mail archive of the
libc-alpha@sources.redhat.com
mailing list for the glibc project.
What about LD_DEBUG?
- From: Paweł Sakowski <pawel at sakowski dot eu dot org>
- To: libc-alpha at sources dot redhat dot com
- Date: Thu, 16 Sep 2004 11:27:40 +0200
- Subject: What about LD_DEBUG?
Security advisories warn about a LD_DEBUG-related vulnerability in
glibc:
http://www.securitytracker.com/alerts/2004/Aug/1010975.html
Gentoo claims to have a fix:
http://www.gentoo.org/cgi-bin/viewcvs.cgi/sys-libs/glibc/files/glibc-sec-hotfix-20040804.patch?rev=1.2
Not everybody agrees it's the right solution, though:
--
+----------------------------------------------------------------------+
| Paweł Sakowski <pawel@sakowski.eu.org> Never trust a man |
| who can count up to 1023 on his fingers. |
+----------------------------------------------------------------------+