mirror of
https://sourceware.org/git/glibc.git
synced 2024-11-09 14:50:05 +00:00
rtld: Check __libc_enable_secure before honoring LD_PREFER_MAP_32BIT_EXEC (CVE-2019-19126) [BZ #25204]
The problem was introduced in glibc 2.23, in commit
b9eb92ab05
("Add Prefer_MAP_32BIT_EXEC to map executable pages with MAP_32BIT").
This commit is contained in:
parent
2a764c6ee8
commit
d5dfad4326
6
NEWS
6
NEWS
@ -86,7 +86,11 @@ Changes to build and runtime requirements:
|
||||
|
||||
Security related changes:
|
||||
|
||||
[Add security related changes here]
|
||||
CVE-2019-19126: ld.so failed to ignore the LD_PREFER_MAP_32BIT_EXEC
|
||||
environment variable during program execution after a security
|
||||
transition, allowing local attackers to restrict the possible mapping
|
||||
addresses for loaded libraries and thus bypass ASLR for a setuid
|
||||
program. Reported by Marcin Kościelnicki.
|
||||
|
||||
The following bugs are resolved with this release:
|
||||
|
||||
|
@ -31,7 +31,8 @@
|
||||
environment variable, LD_PREFER_MAP_32BIT_EXEC. */
|
||||
#define EXTRA_LD_ENVVARS \
|
||||
case 21: \
|
||||
if (memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0) \
|
||||
if (!__libc_enable_secure \
|
||||
&& memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0) \
|
||||
GLRO(dl_x86_cpu_features).feature[index_arch_Prefer_MAP_32BIT_EXEC] \
|
||||
|= bit_arch_Prefer_MAP_32BIT_EXEC; \
|
||||
break;
|
||||
|
Loading…
Reference in New Issue
Block a user