mudflap accepts options via $MUDFLAP_OPTIONS even when running setuid.
-viol-gdb option invokes programs upon error detection which is bad.
Note that NULL ptr derefs which are unexploitable in userspace programs, then
become exploitable.
Fix by either ignoring this variable for setuid's (other options
are bad too; what worth a mudflap if it can be disabled for
setuids which it should protect) or some other magic.
--
Summary: security: mudflap acepts environment variables if setuid
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: major
Priority: P3
Component: libmudflap
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: krahmer at suse dot de
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41433
