Red Hat Bugzilla – Bug 146403
Information leak with LD_DEBUG
Last modified: 2016-11-24 09:48:27 EST
Silvio Cesare discovered a potential information leak in glibc. It
allows LD_DEBUG on SUID binaries where it should not be allowed. This
has various security implications, which may be used to gain
P.S. Also applies to 2.1 DE, ES and WS.
2.1 doesn't have PIEs nor randomization, nor prelinking. LD_DEBUG doesn't reveal
you something you can't find out otherwise.