diff options
author | Carmelo Amoroso <carmelo.amoroso@st.com> | 2011-10-25 12:28:51 +0200 |
---|---|---|
committer | Carmelo Amoroso <carmelo.amoroso@st.com> | 2011-10-25 12:28:51 +0200 |
commit | e4aa966cf25e83cd0c72f34f7855a995ff93944d (patch) | |
tree | 64e05ea7e75064bb994ba3b4df28a2ca29375587 /ldso/ldso | |
parent | 6d71db548d1186a9215bebafaee8e38b6cb7d513 (diff) |
ldso: let people disable to lookup into LD_LIBRARY_PATH
On hardened system it could be useful to disable the use
of LD_LIBRARY_PATH.
Signed-off-by: Carmelo Amoroso <carmelo.amoroso@st.com>
Diffstat (limited to 'ldso/ldso')
-rw-r--r-- | ldso/ldso/dl-elf.c | 3 | ||||
-rw-r--r-- | ldso/ldso/ldso.c | 8 |
2 files changed, 10 insertions, 1 deletions
diff --git a/ldso/ldso/dl-elf.c b/ldso/ldso/dl-elf.c index db2872cd0..308a66c63 100644 --- a/ldso/ldso/dl-elf.c +++ b/ldso/ldso/dl-elf.c @@ -236,6 +236,7 @@ struct elf_resolve *_dl_load_shared_library(int secure, struct dyn_elf **rpnt, } #endif +#ifdef __LDSO_LD_LIBRARY_PATH__ /* Check in LD_{ELF_}LIBRARY_PATH, if specified and allowed */ if (_dl_library_path) { _dl_if_debug_dprint("\tsearching LD_LIBRARY_PATH='%s'\n", _dl_library_path); @@ -244,7 +245,7 @@ struct elf_resolve *_dl_load_shared_library(int secure, struct dyn_elf **rpnt, return tpnt1; } } - +#endif /* * The ABI specifies that RUNPATH is searched after LD_LIBRARY_PATH. */ diff --git a/ldso/ldso/ldso.c b/ldso/ldso/ldso.c index 14f2f7663..fe463b75d 100644 --- a/ldso/ldso/ldso.c +++ b/ldso/ldso/ldso.c @@ -46,7 +46,9 @@ #include LDSO_ELFINTERP /* Global variables used within the shared library loader */ +#ifdef __LDSO_LD_LIBRARY_PATH__ char *_dl_library_path = NULL; /* Where we look for libraries */ +#endif #ifdef __LDSO_PRELOAD_ENV_SUPPORT__ char *_dl_preload = NULL; /* Things to be loaded before the libs */ #endif @@ -457,7 +459,9 @@ void *_dl_get_ready_to_run(struct elf_resolve *tpnt, DL_LOADADDR_TYPE load_addr, #ifdef __LDSO_PRELOAD_ENV_SUPPORT__ _dl_preload = _dl_getenv("LD_PRELOAD", envp); #endif +#ifdef __LDSO_LD_LIBRARY_PATH__ _dl_library_path = _dl_getenv("LD_LIBRARY_PATH", envp); +#endif } else { static const char unsecure_envvars[] = #ifdef EXTRA_UNSECURE_ENVVARS @@ -476,7 +480,9 @@ void *_dl_get_ready_to_run(struct elf_resolve *tpnt, DL_LOADADDR_TYPE load_addr, #ifdef __LDSO_PRELOAD_ENV_SUPPORT__ _dl_preload = NULL; #endif +#ifdef __LDSO_LD_LIBRARY_PATH__ _dl_library_path = NULL; +#endif /* SUID binaries can be exploited if they do LAZY relocation. */ unlazy = RTLD_NOW; } @@ -494,7 +500,9 @@ void *_dl_get_ready_to_run(struct elf_resolve *tpnt, DL_LOADADDR_TYPE load_addr, tpnt->libname = argv[0]; while (argc > 1) if (! _dl_strcmp (argv[1], "--library-path") && argc > 2) { +#ifdef __LDSO_LD_LIBRARY_PATH__ _dl_library_path = argv[2]; +#endif _dl_skip_args += 2; argc -= 2; argv += 2; |