September 1, 2000

Security update to glibc

Author: JT Smith

The problem: The dynamic linker ld.so uses several environment variables like LD_PRELOAD
and LD_LIBRARY_PATH to load additional libraries or modify the library
search path. It is unsafe to accept arbitrary user specified values
of these variables when executing setuid applications, so ld.so handles
them specially in setuid programs and also removes them from the
environment. The
update is at LWN.net.

Category:

  • Linux
Click Here!