Lluís Batlle i Rossell wrote: > On Wed, Oct 20, 2010 at 03:42:33PM +0400, Yury G. Kudryashov wrote: >> Lluís Batlle i Rossell wrote: >> >> >>From what we talked on irc, I imagine Michael talks about this: >> > http://www.exploit-db.com/exploits/15274/ >> Had anyone reproduced this bug? I haven't, though I haven't tried with >> stdenv-updates. > So, I tried in trunk and stdenv-updates. > In both I get the following assetion failed in ld: > Inconsistency detected by ld.so: dl-open.c: 232: dl_open_worker: Assertion > `(call_map)->l_name[0] == '\0'' failed! > > I tried also with the payload calling a static 'sh' (with 'execl()'). I > got the same message. > > I have not tried the other procedures described in the NOTES. So, this seems to be a false security alert. OTOH, I see nothing bad in this "chmod o-r".
_______________________________________________ nix-dev mailing list [email protected] https://mail.cs.uu.nl/mailman/listinfo/nix-dev
