Issue type: Bug
Resolution: Unresolved
Releases: rhel-8.10.z, rhel-9.7.z, rhel-10.1.z, rhel-9.8, rhel-10.2
Fixed in build: glibc-2.39-114.el10
Priority: Low
ZStream
Component: rhel-pt-c-libs
Sprint: PT C Libraries 2026 S03
Regression Exception: Requested
Release Note Type: Unspecified (Unknown)
Use of LD_PROFILE without setting LD_PROFILE_OUTPUT is currently insecure due to the default /var/tmp. We should backport this upstream commit to remove the default.
commit 7b543dcdf97d07fd4346feb17916e08fe83ad0ae
Author: Florian Weimer <fweimer@redhat.com>
Date: Thu Jan 15 22:29:46 2026 +0100
elf: Ignore LD_PROFILE if LD_PROFILE_OUTPUT is not set (bug 33797)
The previous default for LD_PROFILE_OUTPUT, /var/tmp, is insecure
because it's typically a 1777 directory, and other systems could
place malicious files there which interfere with execution.
Requiring the user to specify a profiling directory mitigates
the impact of bug 33797. Clear LD_PROFILE_OUTPUT alongside
LD_PROFILE.
Rework the test not to use predictable file names.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Upstream does not treat this as a security vulnerability.
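The policy the upstream commit enforces inside ld.so (no profiling unless the user names an output directory) can also be applied from the shell, which protects hosts still running a glibc that defaults to /var/tmp. The wrapper below is an added example, not code from the glibc commit or from Red Hat; the function names profile_dir_ok and run_profiled are hypothetical, and it uses GNU stat -c with a BSD stat -f fallback.

```shell
#!/bin/sh
# Added example: only enable LD_PROFILE when LD_PROFILE_OUTPUT names a
# directory that is private to the invoking user. A 1777 directory such
# as /var/tmp is rejected, which is exactly why the upstream default was
# removed: another local user could pre-create the profile file there.

# Return 0 if "$1" is an acceptable profile output directory: it must be
# given, exist, be owned by the current user, and carry no group/other
# write bit.
profile_dir_ok() {
    dir=$1
    [ -n "$dir" ] || return 1                      # unset: refuse (upstream behaviour)
    [ -d "$dir" ] || return 1
    # Permission bits in octal (e.g. 700, 1777) and owner uid; GNU stat first,
    # BSD stat as fallback.
    mode=$(stat -c '%a' "$dir" 2>/dev/null || stat -f '%Lp' "$dir") || return 1
    owner=$(stat -c '%u' "$dir" 2>/dev/null || stat -f '%u' "$dir") || return 1
    [ "$owner" = "$(id -u)" ] || return 1          # must be ours, not a shared dir
    case "$mode" in
        *[2367]?|*[2367]) return 1 ;;              # group- or world-writable (1777 fails here)
    esac
    return 0
}

# run_profiled LIB CMD [ARGS...]: run CMD with LD_PROFILE=LIB, but only if
# LD_PROFILE_OUTPUT passes profile_dir_ok. Otherwise refuse rather than
# silently let ld.so fall back to /var/tmp.
run_profiled() {
    lib=$1
    shift
    if ! profile_dir_ok "$LD_PROFILE_OUTPUT"; then
        echo "refusing LD_PROFILE=$lib: LD_PROFILE_OUTPUT is unset or not a private directory" >&2
        return 1
    fi
    LD_PROFILE="$lib" LD_PROFILE_OUTPUT="$LD_PROFILE_OUTPUT" "$@"
}

# Usage (uncomment to try): a fresh mktemp -d directory is 0700 and is accepted.
# LD_PROFILE_OUTPUT=$(mktemp -d) run_profiled libc.so.6 /bin/true
```
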