BlanK0@lemmy.ml to Security@lemmy.ml · 9 months agoRoot access vulnerability in glibc library impacts many Linux distrossecurityaffairs.comexternal-linkmessage-square4fedilinkarrow-up125arrow-down10cross-posted to: linux@lemmy.ml
arrow-up125arrow-down1external-linkRoot access vulnerability in glibc library impacts many Linux distrossecurityaffairs.comBlanK0@lemmy.ml to Security@lemmy.ml · 9 months agomessage-square4fedilinkcross-posted to: linux@lemmy.ml
minus-squareimmibis@social.immibis.comlinkfedilinkarrow-up4·9 months ago@BlanK0 @security the fix commit says the problem occurs when the program name is very long - so probably not very exploitable, as the program name is usually set in stone.
minus-squareCameronDev@programming.devlinkfedilinkarrow-up2·edit-29 months agoSymlink or copy/rename could trigger it, as long as there is a user writable area with execute perms? /home usually allows exec? Also some of the exec* functions allow manipulating the argv[0], so possibly another vector there.
@BlanK0 @security the fix commit says the problem occurs when the program name is very long - so probably not very exploitable, as the program name is usually set in stone.
Thx for pointing that out 🤙
Symlink or copy/rename could trigger it, as long as there is a user writable area with execute perms? /home usually allows exec?
Also some of the exec* functions allow manipulating the argv[0], so possibly another vector there.