Very shoddy that this vulnerability made it out. But why "unfixable"? I can think of mitigations, like noexec /tmp, whitelisting or blacklisting envvars, or maybe something funkier (albeit non-POSIXy) around sandboxing environ. I'm sure there are subtleties with all of those...
It's unfixable (without breaking all existing usage) because the bug is in the public interface by which parameters are passed, not the implementation.
Blocking LD_PRELOAD is a band-aid for one of the worst environment-control-based attack vectors. But there are unboundedly many possible attacks.
... assuming an unbounded space of env vars might influence the exec'd program? I agree that arbitrarily blocking LD_PRELOAD is a band-aid. But env vars are just inputs... why deprecate wholesale just because a few of them have huge effect on ld.so? Systematic fix feels possible