oss-sec mailing list archives
Re: Fixing the glibc runtime linker
From: Paul Pluzhnikov <ppluzhnikov () google com>
Date: Thu, 19 Feb 2015 23:50:37 -0800
On Thu, Feb 19, 2015 at 11:34 PM, Rich Felker <dalias () libc org> wrote:
I don't see how you think this is a security issue at all.
I think the point is that 'system(argv[1])' is a hard mistake to make by accident, but empty or relative RPATH is easy, and is not immediately discoverable: you have to run 'readelf -d a.out' and then think about what you see. -- Paul Pluzhnikov
Current thread:
- Fixing the glibc runtime linker Tim Brown (Feb 19)
- Re: Fixing the glibc runtime linker Stuart Gathman (Feb 19)
- Re: Fixing the glibc runtime linker Tim Brown (Feb 19)
- Re: Fixing the glibc runtime linker Paul Pluzhnikov (Feb 19)
- Re: Fixing the glibc runtime linker Tim Brown (Feb 19)
- Re: Fixing the glibc runtime linker Paul Pluzhnikov (Feb 19)
- Re: Fixing the glibc runtime linker Rich Felker (Feb 19)
- Re: Fixing the glibc runtime linker Paul Pluzhnikov (Feb 19)
- Re: Fixing the glibc runtime linker Rich Felker (Feb 19)
- Re: Fixing the glibc runtime linker Paul Pluzhnikov (Feb 20)
- Re: Fixing the glibc runtime linker Tim Brown (Feb 20)
- Re: Fixing the glibc runtime linker Rich Felker (Feb 20)
- Re: Fixing the glibc runtime linker Paul Pluzhnikov (Feb 20)
- Re: Fixing the glibc runtime linker Rich Felker (Feb 20)
- Re: Fixing the glibc runtime linker Tim Brown (Feb 19)
- Re: Fixing the glibc runtime linker Stuart Gathman (Feb 19)
- Re: Fixing the glibc runtime linker Paul Pluzhnikov (Feb 20)
- Re: Fixing the glibc runtime linker Rich Felker (Feb 21)