On the glibc bugs (CVE-2016-1000366), civodul said: [21:02:26] <civodul> lfam: i *think* GuixSD is immune to the LD_LIBRARY_PATH one, FWIW [...] [21:02:43] <civodul> lfam: because of the way is_trusted_path works in glibc
https://gnunet.org/bot/log/guix/2017-06-19#T1422600 Relevant upstream commits: CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1 programs [BZ #21624] https://sourceware.org/git/?p=glibc.git;a=commit;h=f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d ld.so: Reject overly long LD_PRELOAD path elements https://sourceware.org/git/?p=glibc.git;a=commit;h=6d0ba622891bed9d8394eef1935add53003b12e8 ld.so: Reject overly long LD_AUDIT path elements: https://sourceware.org/git/?p=glibc.git;a=commit;h=81b82fb966ffbd94353f793ad17116c6088dedd9
signature.asc
Description: PGP signature