This is the commit that added the protection:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=800179c9b8a1e796e441674776d11cd4c05d61d7

Ubuntu must turn it on by default.

The risk, without that kernel option turned on, is:

1. High priv (setuid etc) binary with $ORIGIN runpath
2. Low priv user hard-links binary into a directory they control
3. Create malicious shared library that binary will load from $ORIGIN runpath.

I think that the kernel protection prevents 2. And I don't know if
there are any other exploits.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/565002

Title:
  ldopen failing with relative path when linux capability is set

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/565002/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

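An added audit helper (not from the bug thread or from Ubuntu) that checks the defender's side of the risk described above: whether the hard-link restriction from the linked commit (the fs.protected_hardlinks sysctl) is enabled, and which setuid/setgid binaries on a host carry an $ORIGIN entry in DT_RPATH/DT_RUNPATH. The sysctl path and the readelf output sample are assumptions for the example.

```shell
#!/bin/sh
# Example audit script (added here, not part of the bug report).

# Returns 0 when the sysctl file exists and reads "1", 1 otherwise.
# The path argument is optional so the check can be tested on a file.
protected_hardlinks_enabled() {
  f="${1:-/proc/sys/fs/protected_hardlinks}"
  [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Prints "1" if the given `readelf -d` text has an RPATH/RUNPATH entry
# that mentions $ORIGIN, otherwise prints "0".
has_origin_runpath() {
  printf '%s\n' "$1" | grep -Eq '\((RPATH|RUNPATH)\).*\$ORIGIN' \
    && echo 1 || echo 0
}

# Walks one filesystem for setuid/setgid regular files and reports those
# whose dynamic section carries an $ORIGIN search path.
audit_setuid_origin() {
  root="${1:-/}"
  find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
  while IFS= read -r bin; do
    dyn="$(readelf -d "$bin" 2>/dev/null)" || continue
    [ "$(has_origin_runpath "$dyn")" = 1 ] && printf 'RISK: %s\n' "$bin"
  done
}

# Constructed sample of `readelf -d` output (not a real binary) with an
# $ORIGIN runpath, and one without, to exercise the parser.
SAMPLE_ORIGIN=' 0x0000000000000001 (NEEDED)   Shared library: [libc.so.6]
 0x000000000000001d (RUNPATH)  Library runpath: [$ORIGIN/../lib]'
SAMPLE_PLAIN=' 0x0000000000000001 (NEEDED)   Shared library: [libc.so.6]
 0x000000000000001d (RUNPATH)  Library runpath: [/usr/lib/foo]'

if protected_hardlinks_enabled; then
  echo "fs.protected_hardlinks=1: the hard-link step (2) is blocked"
else
  echo "fs.protected_hardlinks is off or unreadable: step (2) is possible"
fi
# Full scan (slow on large hosts): audit_setuid_origin /
```

Run `audit_setuid_origin /` as root to list candidates for step 1; an empty list plus an enabled sysctl means both preconditions of the chain are closed.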