hilbix / suid

run programs and scripts suid

`suid` is affected by `glibc` bug CVE-2023-4911 #24

Open hilbix opened 1 year ago

hilbix commented 1 year ago

This is not a bug of suid itself but the standard library.

It is believed that updating to a fixed glibc version also closes any vulnerability of suid. But in case suid is compiled statically, this fix might not be enough, as it then also must be statically linked against a fixed version of glibc.

To mitigate that possible risk, a new version of suid should be applied which checks for a fixed version of glibc as well, and the README should be updated accordingly.

hilbix commented 1 year ago

README.md has been updated.

However I currently lack the time to implement a glibc test program to only allow safely compiled static versions of suid.

Recommendation / Workaround:

Do not use a statically compiled version of suid. And do not use `make static`!
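The comment above describes a glibc version gate that the project has not yet implemented. The program below is an added illustration of what such a gate can look like; it is not code from hilbix/suid. The point it demonstrates is the one made in the issue: `gnu_get_libc_version()` reports the libc the process is really running on, so in a dynamically linked build a system-wide glibc update changes the answer, while in a static build the answer stays whatever was baked in at link time. The threshold `MIN_MAJOR`/`MIN_MINOR` is an assumption: 2.39 is used here as the first upstream glibc release carrying the CVE-2023-4911 fix, which should be checked against your distribution's advisory, because distributions backport fixes without bumping the version number. The gate therefore fails closed on old or unparseable versions, but a passing check is necessary, not sufficient.

```c
/* glibc_gate.c: added example, not part of hilbix/suid.
 * Refuse to continue unless the glibc this binary actually uses (the
 * shared libc for a dynamic build, the embedded copy for a static build)
 * reports at least MIN_MAJOR.MIN_MINOR.
 *
 * MIN_MAJOR/MIN_MINOR are an assumption: 2.39 is taken as the first
 * upstream release containing the CVE-2023-4911 fix. Distributions
 * backport fixes without changing the version string, so a failing
 * check means "investigate", and a passing check is not proof. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

#ifdef __GLIBC__
#include <gnu/libc-version.h>   /* gnu_get_libc_version() */
#endif

#define MIN_MAJOR 2
#define MIN_MINOR 39

/* Parse "MAJOR.MINOR[suffix]" as returned by gnu_get_libc_version().
 * Returns 1 on success, 0 on malformed input. */
int parse_glibc_version(const char *s, int *major, int *minor)
{
    char *end;
    long ma, mi;

    if (s == NULL || !isdigit((unsigned char)*s))
        return 0;
    ma = strtol(s, &end, 10);
    if (*end != '.' || !isdigit((unsigned char)end[1]))
        return 0;
    mi = strtol(end + 1, &end, 10);
    if (ma < 0 || mi < 0 || ma > 1000 || mi > 1000)
        return 0;
    *major = (int)ma;
    *minor = (int)mi;
    return 1;
}

/* 1 if version string `have` is >= want_major.want_minor,
 * 0 if it is older or cannot be parsed (fail closed). */
int glibc_at_least(const char *have, int want_major, int want_minor)
{
    int ma, mi;

    if (!parse_glibc_version(have, &ma, &mi))
        return 0;
    if (ma != want_major)
        return ma > want_major;
    return mi >= want_minor;
}

/* Version string of the libc this process is really running on.
 * In a static build this is the copy linked into the executable, which
 * is why updating the system glibc does not help such a binary. */
const char *running_glibc_version(void)
{
#ifdef __GLIBC__
    return gnu_get_libc_version();
#else
    return "";   /* not glibc at all: the gate fails closed */
#endif
}

int main(void)
{
    const char *v = running_glibc_version();

    if (!glibc_at_least(v, MIN_MAJOR, MIN_MINOR)) {
        fprintf(stderr, "glibc %s is older than %d.%d; refusing to run\n",
                v[0] ? v : "(unknown)", MIN_MAJOR, MIN_MINOR);
        return 1;
    }
    printf("glibc %s: ok\n", v);
    return 0;
}
```

Build it twice, once with `gcc glibc_gate.c -o gate` and once with `gcc -static glibc_gate.c -o gate-static`, and run both after a glibc update: the dynamic binary reports the new version, the static one keeps reporting the version it was linked against, which is exactly the situation the issue warns about.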