diff options
author | Florian Weimer <fweimer@redhat.com> | 2015-10-15 09:23:07 +0200 |
---|---|---|
committer | Florian Weimer <fweimer@redhat.com> | 2015-10-15 09:23:32 +0200 |
commit | a014cecd82b71b70a6a843e250e06b541ad524f7 (patch) | |
tree | d402fc41e0212d4feb335c39972752fc5e320d3a /NEWS | |
parent | 0c25f5b5bb48a9d550b5fb403b9a801ba04c146f (diff) | |
download | glibc-a014cecd82b71b70a6a843e250e06b541ad524f7.zip glibc-a014cecd82b71b70a6a843e250e06b541ad524f7.tar.gz glibc-a014cecd82b71b70a6a843e250e06b541ad524f7.tar.bz2 |
Always enable pointer guard [BZ #18928]
Honoring the LD_POINTER_GUARD environment variable in AT_SECURE mode
has security implications. This commit enables pointer guard
unconditionally, and the environment variable is now ignored.
[BZ #18928]
* sysdeps/generic/ldsodefs.h (struct rtld_global_ro): Remove
_dl_pointer_guard member.
* elf/rtld.c (_rtld_global_ro): Remove _dl_pointer_guard
initializer.
(security_init): Always set up pointer guard.
(process_envvars): Do not process LD_POINTER_GUARD.
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 13 |
1 files changed, 8 insertions, 5 deletions
@@ -16,11 +16,14 @@ Version 2.23 18265, 18370, 18421, 18480, 18525, 18595, 18589, 18610, 18618, 18647, 18661, 18674, 18675, 18681, 18724, 18757, 18778, 18781, 18787, 18789, 18790, 18795, 18796, 18803, 18820, 18823, 18824, 18825, 18857, 18863, - 18870, 18872, 18873, 18875, 18887, 18921, 18951, 18952, 18956, 18961, - 18966, 18967, 18969, 18970, 18977, 18980, 18981, 18985, 19003, 19007, - 19012, 19016, 19018, 19032, 19046, 19049, 19050, 19059, 19071, 19074, - 19076, 19077, 19078, 19079, 19085, 19086, 19088, 19094, 19095, 19124, - 19125, 19129, 19134 + 18870, 18872, 18873, 18875, 18887, 18921, 18928, 18951, 18952, 18956, + 18961, 18966, 18967, 18969, 18970, 18977, 18980, 18981, 18985, 19003, + 19007, 19012, 19016, 19018, 19032, 19046, 19049, 19050, 19059, 19071, + 19074, 19076, 19077, 19078, 19079, 19085, 19086, 19088, 19094, 19095, + 19124, 19125, 19129, 19134 + +* The LD_POINTER_GUARD environment variable can no longer be used to + disable the pointer guard feature. It is always enabled. * The obsolete header <regexp.h> has been removed. Programs that require this header must be updated to use <regex.h> instead. |