disallow setid binaries with $ORIGIN in PT_INTERP
|Assignee:||Jerry Jelinek||% Done:|
Currently $ORIGIN is honored in a PT_INTERP section regardless of whether the binary is setid or not. If a binary were constructed and setid in this way, it would allow someone else to play games with the interpreter. While this is an extremely rare combination, it's worth clamping it off at the bit.
#2 Updated by Electric Monk almost 2 years ago
- Status changed from New to Closed
commit 03973b9c824451c1d02fc613e033aa196a15ae3c Author: Jerry Jelinek <email@example.com> Date: 2016-05-24T02:22:13.000Z 6987 disallow setid binaries with $ORIGIN in PT_INTERP Reviewed by: Robert Mustacchi <firstname.lastname@example.org> Reviewed by: Joshua M. Clulow <email@example.com> Reviewed by: Dan McDonald <firstname.lastname@example.org> Reviewed by: Andy Stormont <email@example.com> Reviewed by: Garrett D'Amore <firstname.lastname@example.org> Approved by: Dan McDonald <email@example.com>
Also available in: Atom