summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoakim Tjernlund <joakim.tjernlund@transmode.se>2005-03-14 08:48:42 +0000
committerJoakim Tjernlund <joakim.tjernlund@transmode.se>2005-03-14 08:48:42 +0000
commit3b67c539e3f14a7acf59608d6f7a37b710033a5c (patch)
treea6d6bdb551f8eaffb4aa38785304109a83e2422c
parentbed3e178c5a3dc939aa0b71dcdd5262e48309ac2 (diff)
Force suid apps to do unlazy binding of the PLT relocs.
See http://bugs.gentoo.org/show_bug.cgi?id=71609 for more details. Reported by Peter Mazinger.
-rw-r--r--ldso/ldso/ldso.c62
1 files changed, 32 insertions, 30 deletions
diff --git a/ldso/ldso/ldso.c b/ldso/ldso/ldso.c
index 82cd0d3dd..ab6f94e14 100644
--- a/ldso/ldso/ldso.c
+++ b/ldso/ldso/ldso.c
@@ -138,6 +138,38 @@ void _dl_get_ready_to_run(struct elf_resolve *tpnt, unsigned long load_addr,
if (_dl_getenv("LD_BIND_NOW", envp))
unlazy = RTLD_NOW;
+ /* Now we need to figure out what kind of options are selected.
+ * Note that for SUID programs we ignore the settings in
+ * LD_LIBRARY_PATH.
+ */
+ if ((auxvt[AT_UID].a_un.a_val == -1 && _dl_suid_ok()) ||
+ (auxvt[AT_UID].a_un.a_val != -1 &&
+ auxvt[AT_UID].a_un.a_val == auxvt[AT_EUID].a_un.a_val &&
+ auxvt[AT_GID].a_un.a_val == auxvt[AT_EGID].a_un.a_val)) {
+ _dl_secure = 0;
+ _dl_preload = _dl_getenv("LD_PRELOAD", envp);
+ _dl_library_path = _dl_getenv("LD_LIBRARY_PATH", envp);
+ } else {
+ static const char unsecure_envvars[] =
+#ifdef EXTRA_UNSECURE_ENVVARS
+ EXTRA_UNSECURE_ENVVARS
+#endif
+ UNSECURE_ENVVARS;
+ const char *nextp;
+ _dl_secure = 1;
+
+ nextp = unsecure_envvars;
+ do {
+ _dl_unsetenv (nextp, envp);
+ /* We could use rawmemchr but this need not be fast. */
+ nextp = (char *) _dl_strchr(nextp, '\0') + 1;
+ } while (*nextp != '\0');
+ _dl_preload = NULL;
+ _dl_library_path = NULL;
+ /* SUID binaries can be exploited if they do LAZY relocation. */
+ unlazy = RTLD_NOW;
+ }
+
/* At this point we are now free to examine the user application,
* and figure out which libraries are supposed to be called. Until
* we have this list, we will not be completely ready for dynamic
@@ -270,36 +302,6 @@ void _dl_get_ready_to_run(struct elf_resolve *tpnt, unsigned long load_addr,
app_tpnt->relro_addr = relro_addr;
app_tpnt->relro_size = relro_size;
- /* Now we need to figure out what kind of options are selected.
- * Note that for SUID programs we ignore the settings in
- * LD_LIBRARY_PATH.
- */
- if ((auxvt[AT_UID].a_un.a_val == -1 && _dl_suid_ok()) ||
- (auxvt[AT_UID].a_un.a_val != -1 &&
- auxvt[AT_UID].a_un.a_val == auxvt[AT_EUID].a_un.a_val &&
- auxvt[AT_GID].a_un.a_val == auxvt[AT_EGID].a_un.a_val)) {
- _dl_secure = 0;
- _dl_preload = _dl_getenv("LD_PRELOAD", envp);
- _dl_library_path = _dl_getenv("LD_LIBRARY_PATH", envp);
- } else {
- static const char unsecure_envvars[] =
-#ifdef EXTRA_UNSECURE_ENVVARS
- EXTRA_UNSECURE_ENVVARS
-#endif
- UNSECURE_ENVVARS;
- const char *nextp;
- _dl_secure = 1;
-
- nextp = unsecure_envvars;
- do {
- _dl_unsetenv (nextp, envp);
- /* We could use rawmemchr but this need not be fast. */
- nextp = (char *) _dl_strchr(nextp, '\0') + 1;
- } while (*nextp != '\0');
- _dl_preload = NULL;
- _dl_library_path = NULL;
- }
-
#ifdef __SUPPORT_LD_DEBUG__
_dl_debug = _dl_getenv("LD_DEBUG", envp);
if (_dl_debug) {