Some notes on glibc ld.so exploit
http://seclists.org/fulldisclosure/2010/Oct/257
2017-12-14 18:59
A not particularly noteworthy bug, but a fun wrinkle.
From 2010:
I believe this is still a good idea, and LD_HWCAP_MASK is where I would bet the next big loader bug is going to be; it’s just not safe to let attackers have that much control over the execution environment of privileged programs.
From 2017: http://seclists.org/fulldisclosure/2017/Dec/40
- the memory leak (CVE-2017-1000408) first appeared in glibc 2.1.1 (released on May 24, 1999) and can be reached and amplified through the LD_HWCAP_MASK environment variable;
When Tavis says to remove a feature, it’s a good idea to listen...
source: grugq