mudflap accepts options via $MUDFLAP_OPTIONS even when running setuid. The -viol-gdb option invokes programs upon error detection, which is bad. Note that NULL ptr derefs, which are unexploitable in userspace programs, then become exploitable. Fix by either ignoring this variable for setuid's (other options are bad too; what is a mudflap worth if it can be disabled for setuids, which it should protect) or some other magic.
--
Summary: security: mudflap accepts environment variables if setuid
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: major
Priority: P3
Component: libmudflap
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: krahmer at suse dot de

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41433
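Added example, not part of the original report and not libmudflap's own code: one way to implement the first suggested fix, ignoring the variable when the process runs setuid or setgid. The helper names `env_is_trusted` and `runtime_options_from_env` are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: the environment is attacker-controlled whenever the
 * real and effective IDs differ, i.e. the binary was started setuid/setgid.
 * Returns 1 only when both pairs match. */
static int env_is_trusted(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid == euid && rgid == egid;
}

/* Hypothetical helper: look up a runtime-options variable, but return NULL
 * (caller falls back to built-in defaults) when the process is privileged.
 * This closes off every option at once, not only the one that starts a
 * program on violation. */
static const char *runtime_options_from_env(const char *name)
{
    if (!env_is_trusted(getuid(), geteuid(), getgid(), getegid()))
        return NULL;
    return getenv(name);
}

int main(void)
{
    const char *opts = runtime_options_from_env("MUDFLAP_OPTIONS");

    if (opts == NULL)
        puts("MUDFLAP_OPTIONS unset or ignored (privileged process); using defaults");
    else
        printf("applying MUDFLAP_OPTIONS=%s\n", opts);
    return 0;
}
```

On glibc 2.17 and later, `secure_getenv()` performs a comparable check and can replace the hand-written helper.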