[Nix-dev] Re: Re: Re: [Nix-commits] SVN commit: nix - r24378 - nixos/trunk/modules/security

Yury G. Kudryashov urkud+nix at ya.ru
Wed Oct 20 14:15:25 CEST 2010


Lluís Batlle i Rossell wrote:

> On Wed, Oct 20, 2010 at 03:42:33PM +0400, Yury G. Kudryashov wrote:
>> Lluís Batlle i Rossell wrote:
>> 
>> >>From what we talked on irc, I imagine Michael talks about this:
>> > http://www.exploit-db.com/exploits/15274/
>> Had anyone reproduced this bug? I haven't, though I haven't tried with
>> stdenv-updates.
> So, I tried in trunk and stdenv-updates.
> In both I get the following assetion failed in ld:
> Inconsistency detected by ld.so: dl-open.c: 232: dl_open_worker: Assertion
> `(call_map)->l_name[0] == '\0'' failed!
> 
> I tried also with the payload calling a static 'sh' (with 'execl()'). I
> got the same message.
> 
> I have not tried the other procedures described in the NOTES.
So, this seems to be a false security alert. OTOH, I see nothing bad in this 
"chmod o-r".




More information about the nix-dev mailing list