From 6043d77a47de297b62084c1c261cdada082bf09c Mon Sep 17 00:00:00 2001 From: Andreas Schwab Date: Mon, 28 Aug 2017 19:49:18 +0200 Subject: [PATCH 15] ldd: never run file directly (cherry picked from commit eedca9772e99c72ab4c3c34e43cc764250aa3e3c) --- ChangeLog | 6 ++++++ NEWS | 9 +++++++++ elf/ldd.bash.in | 14 +------------- 3 files changed, 16 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index ad05da8ade..fa27c6f66f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2017-08-16 Andreas Schwab + + [BZ #16750] + CVE-2009-5064 + * elf/ldd.bash.in: Never run file directly. + 2017-08-10 Florian Weimer * inet/net-internal.h (__inet6_scopeid_pton): Remove diff --git a/NEWS b/NEWS index 0534c5296e..756e849643 100644 --- a/NEWS +++ b/NEWS @@ -7,8 +7,17 @@ using `glibc' in the "product" field. Version 2.26.1 +Security related changes: + + CVE-2009-5064: The ldd script would sometimes run the program under + examination directly, without preventing code execution through the + dynamic linker. (The glibc project disputes that this is a security + vulnerability; only trusted binaries must be examined using the ldd + script.) + The following bugs are resolved with this release: + [16750] ldd: Never run file directly. [21242] assert: Suppress pedantic warning caused by statement expression [21780] posix: Set p{read,write}v2 to return ENOTSUP [21871] x86-64: Use _dl_runtime_resolve_opt only with AVX512F diff --git a/elf/ldd.bash.in b/elf/ldd.bash.in index 7dd1fccf24..686785e235 100644 --- a/elf/ldd.bash.in +++ b/elf/ldd.bash.in @@ -164,18 +164,6 @@ warning: you do not have execution permission for" "\`$file'" >&2 fi done case $ret in - 0) - # If the program exits with exit code 5, it means the process has been - # invoked with __libc_enable_secure. Fall back to running it through - # the dynamic linker. - try_trace "$file" - rc=$? - if [ $rc = 5 ]; then - try_trace "$RTLD" "$file" - rc=$? - fi - [ $rc = 0 ] || result=1 - ;; 1) # This can be a non-ELF binary or no binary at all. nonelf "$file" || { @@ -183,7 +171,7 @@ warning: you do not have execution permission for" "\`$file'" >&2 result=1 } ;; - 2) + 0|2) try_trace "$RTLD" "$file" || result=1 ;; *)