1 From f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d Mon Sep 17 00:00:00 2001
2 From: Florian Weimer <fweimer@redhat.com>
3 Date: Mon, 19 Jun 2017 17:09:55 +0200
4 Subject: [PATCH] CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1
7 LD_LIBRARY_PATH can only be used to reorder system search paths, which
8 is not useful functionality.
10 This makes an exploitable unbounded alloca in _dl_init_paths unreachable
11 for AT_SECURE=1 programs.
14 https://sourceware.org/git/?p=glibc.git;a=commit;h=f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d
18 2 files changed, 9 insertions(+), 1 deletion(-)
20 diff --git a/elf/rtld.c b/elf/rtld.c
21 index 2446a87..2269dbe 100644
24 @@ -2422,7 +2422,8 @@ process_envvars (enum mode *modep)
27 /* The library search path. */
28 - if (memcmp (envline, "LIBRARY_PATH", 12) == 0)
29 + if (!__libc_enable_secure
30 + && memcmp (envline, "LIBRARY_PATH", 12) == 0)
32 library_path = &envline[13];