Gentoo Logo

About | Projects | Docs | Forums | Lists | Bugs | Get Gentoo! | Support | Planet | Wiki

Gentoo Spaceship
Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Pavel Labushev <p.labushev@...>
Subject: Re: #342619 RESOLVED WONTFIX
Date: Thu, 28 Oct 2010 09:23:03 +0800 
> I didn't test that patch; even if it's incorrect, bugreport is not about
> a patch. It's about a security issue.

Well, the bug report is about the patch. There's another bug about the
issues with LD_AUDIT: https://bugs.gentoo.org/show_bug.cgi?id=341755

> This proof-of-concept exploit still works in gentoo (amd64 stable at least,
> even hardened!), because some dangerous variables are not filtered out.

It still works because glibc-2.11.2-r2 with the fix is still keyworded
(yeah, epic fail goes on).
Replies:
Re: #342619 RESOLVED WONTFIX
-- Mateusz Arkadiusz Mierzwinski
References:
#342619 RESOLVED WONTFIX
-- dev-random
Re: #342619 RESOLVED WONTFIX
-- Kirktis
Re: #342619 RESOLVED WONTFIX
-- Volker Armin Hemmann
Re: #342619 RESOLVED WONTFIX
-- dev-random
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: #342619 RESOLVED WONTFIX
Next by thread:
Re: #342619 RESOLVED WONTFIX
Previous by date:
Re: #342619 RESOLVED WONTFIX
Next by date:
Re: #342619 RESOLVED WONTFIX


Updated May 10, 2012

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.