setuid library search path: The GNU C library dynamic linker expands $ORIGIN

Users of setuid library search path please be advised of The GNU C library dynamic linker expands $ORIGIN vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (

GNU-SA-10/18/2010: The GNU C library dynamic linker expands $ORIGIN in setuid library search path

For security, the dynamic linker does not allow use of $ORIGIN substitution

sequences for set-user and set-group ID programs. For such sequences that

appear within strings specified by DT_RUNPATH dynamic array entries, the

specific search path containing the $ORIGIN sequence is ignored (though other

search paths in the same string are processed). $ORIGIN sequences within a

DT_NEEDED entry or path passed as a parameter to dlopen() are treated as

errors. The same restrictions may be applied to processes that have more than

minimal privileges on systems with installed extended security mechanisms.Read more at