Summary: | gcc-config-1.7.3 and maybe previous versions called insecure ldconfig | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | nobody <noreply> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | critical | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
nobody
2012-10-09 23:50:32 UTC
no explanation as to how this could possibly be a problem. you could make the same argument for cp, mv, touch, sed, env-update, or any other program. i assume if you make an ldconfig in a directory with +x the call for ldconfig might run that version instead of /sbin one. i was wrong, something i should have try before. sorry for the noise. |