Update.
* elf/elf.h: Add dynamic tag definitions for prelinking. * elf/rtld.c (process_envvars): Avoid using array of string pointers. Rewrite code to remove environment varables for SUID binaries. Small optimization in LD_PROFILE handling. * sysdeps/generic/unsecvars.h: Adjust format for process_envvars changes. * sysdeps/unix/sysv/linux/i386/dl-librecon.h: Likewise. * sysdeps/generic/dl-sysdep.c: Don't initialize _dl_cpuclock_offset.
This commit is contained in:
parent
ea41b9267d
commit
c95f3fd42e
11
ChangeLog
11
ChangeLog
@ -1,5 +1,16 @@
|
||||
2001-11-05 Ulrich Drepper <drepper@redhat.com>
|
||||
|
||||
* elf/elf.h: Add dynamic tag definitions for prelinking.
|
||||
|
||||
* elf/rtld.c (process_envvars): Avoid using array of string pointers.
|
||||
Rewrite code to remove environment varables for SUID binaries.
|
||||
Small optimization in LD_PROFILE handling.
|
||||
* sysdeps/generic/unsecvars.h: Adjust format for process_envvars
|
||||
changes.
|
||||
* sysdeps/unix/sysv/linux/i386/dl-librecon.h: Likewise.
|
||||
|
||||
* sysdeps/generic/dl-sysdep.c: Don't initialize _dl_cpuclock_offset.
|
||||
|
||||
* elf/dl-reloc.c (_dl_reloc_bad_type): Rewrite to not use writable
|
||||
strings. Change type of second parameter.
|
||||
* sysdeps/generic/ldsodefs.h: Adjust _dl_reloc_bad_type prototype
|
||||
|
@ -663,6 +663,9 @@ typedef struct
|
||||
Dyn.d_un.d_val field of the Elf*_Dyn structure. This follows Sun's
|
||||
approach. */
|
||||
#define DT_VALRNGLO 0x6ffffd00
|
||||
#define DT_GNU_PRELINKED 0x6ffffdf5 /* Prelinking timestamp */
|
||||
#define DT_GNU_CONFLICTSZ 0x6ffffdf6 /* Size of conflict section */
|
||||
#define DT_GNU_LIBLISTSZ 0x6ffffdf7 /* Size of library list */
|
||||
#define DT_CHECKSUM 0x6ffffdf8
|
||||
#define DT_PLTPADSZ 0x6ffffdf9
|
||||
#define DT_MOVEENT 0x6ffffdfa
|
||||
@ -680,6 +683,8 @@ typedef struct
|
||||
If any adjustment is made to the ELF object after it has been
|
||||
built these entries will need to be adjusted. */
|
||||
#define DT_ADDRRNGLO 0x6ffffe00
|
||||
#define DT_GNU_CONFLICT 0x6ffffef8 /* Start of conflict section */
|
||||
#define DT_GNU_LIBLIST 0x6ffffef9 /* Library list */
|
||||
#define DT_CONFIG 0x6ffffefa /* Configuration information. */
|
||||
#define DT_DEPAUDIT 0x6ffffefb /* Dependency auditing. */
|
||||
#define DT_AUDIT 0x6ffffefc /* Object auditing. */
|
||||
|
39
elf/rtld.c
39
elf/rtld.c
@ -1345,7 +1345,7 @@ process_envvars (enum mode *modep)
|
||||
}
|
||||
|
||||
/* Which shared object shall be profiled. */
|
||||
if (memcmp (envline, "PROFILE", 7) == 0)
|
||||
if (memcmp (envline, "PROFILE", 7) == 0 && envline[8] != '\0')
|
||||
_dl_profile = &envline[8];
|
||||
break;
|
||||
|
||||
@ -1430,38 +1430,27 @@ process_envvars (enum mode *modep)
|
||||
variables. */
|
||||
if (__builtin_expect (__libc_enable_secure, 0))
|
||||
{
|
||||
static const char *unsecure_envvars[] =
|
||||
{
|
||||
UNSECURE_ENVVARS,
|
||||
static const char unsecure_envvars[] =
|
||||
#ifdef EXTRA_UNSECURE_ENVVARS
|
||||
EXTRA_UNSECURE_ENVVARS
|
||||
#endif
|
||||
};
|
||||
size_t cnt;
|
||||
UNSECURE_ENVVARS;
|
||||
const char *nextp;
|
||||
|
||||
if (preloadlist != NULL)
|
||||
unsetenv ("LD_PRELOAD");
|
||||
if (library_path != NULL)
|
||||
unsetenv ("LD_LIBRARY_PATH");
|
||||
if (_dl_origin_path != NULL)
|
||||
unsetenv ("LD_ORIGIN_PATH");
|
||||
if (debug_output != NULL)
|
||||
unsetenv ("LD_DEBUG_OUTPUT");
|
||||
if (_dl_profile != NULL)
|
||||
unsetenv ("LD_PROFILE");
|
||||
|
||||
for (cnt = 0;
|
||||
cnt < sizeof (unsecure_envvars) / sizeof (unsecure_envvars[0]);
|
||||
++cnt)
|
||||
unsetenv (unsecure_envvars[cnt]);
|
||||
nextp = unsecure_envvars;
|
||||
do
|
||||
{
|
||||
unsetenv (nextp);
|
||||
nextp = (char *) rawmemchr (nextp, '\0') + 1;
|
||||
}
|
||||
while (*nextp != '\0');
|
||||
|
||||
if (__access ("/etc/suid-debug", F_OK) != 0)
|
||||
unsetenv ("MALLOC_CHECK_");
|
||||
}
|
||||
|
||||
/* The name of the object to profile cannot be empty. */
|
||||
if (_dl_profile != NULL && *_dl_profile == '\0')
|
||||
_dl_profile = NULL;
|
||||
/* The caller wants this information. */
|
||||
*modep = mode;
|
||||
|
||||
/* If we have to run the dynamic linker in debugging mode and the
|
||||
LD_DEBUG_OUTPUT environment variable is given, we write the debug
|
||||
@ -1487,8 +1476,6 @@ process_envvars (enum mode *modep)
|
||||
/* We use standard output if opening the file failed. */
|
||||
_dl_debug_fd = STDOUT_FILENO;
|
||||
}
|
||||
|
||||
*modep = mode;
|
||||
}
|
||||
|
||||
|
||||
|
@ -63,7 +63,7 @@ void *__libc_stack_end;
|
||||
static ElfW(auxv_t) *_dl_auxv;
|
||||
unsigned long int _dl_hwcap_mask = HWCAP_IMPORTANT;
|
||||
#if HP_TIMING_AVAIL
|
||||
hp_timing_t _dl_cpuclock_offset = 0;
|
||||
hp_timing_t _dl_cpuclock_offset;
|
||||
#endif
|
||||
|
||||
#ifndef DL_FIND_ARG_COMPONENTS
|
||||
|
@ -1,12 +1,19 @@
|
||||
/* Environment variable to be removed for SUID programs. */
|
||||
/* Environment variable to be removed for SUID programs. The names are
|
||||
all stuffed in a single string which means they have to be terminated
|
||||
with a '\0' explicitly. */
|
||||
#define UNSECURE_ENVVARS \
|
||||
"GCONV_PATH", \
|
||||
"HOSTALIASES", \
|
||||
"LOCALDOMAIN", \
|
||||
"LOCPATH", \
|
||||
"MALLOC_TRACE", \
|
||||
"NLSPATH", \
|
||||
"RESOLV_HOST_CONF", \
|
||||
"RES_OPTIONS", \
|
||||
"TMPDIR", \
|
||||
"TZDIR"
|
||||
"LD_PRELOAD\0" \
|
||||
"LD_LIBRARY_PATH\0" \
|
||||
"LD_ORIGIN_PATH\0" \
|
||||
"LD_DEBUG_OUTPUT\0" \
|
||||
"LD_PROFILE\0" \
|
||||
"GCONV_PATH\0" \
|
||||
"HOSTALIASES\0" \
|
||||
"LOCALDOMAIN\0" \
|
||||
"LOCPATH\0" \
|
||||
"MALLOC_TRACE\0" \
|
||||
"NLSPATH\0" \
|
||||
"RESOLV_HOST_CONF\0" \
|
||||
"RES_OPTIONS\0" \
|
||||
"TMPDIR\0" \
|
||||
"TZDIR\0"
|
||||
|
@ -72,13 +72,16 @@
|
||||
} \
|
||||
\
|
||||
case 15: \
|
||||
if (memcmp (envline, "LIBRARY_VERSION", 15) == 0) \
|
||||
if (memcmp (envline, "LIBRARY_VERSION", 15) == 0) \
|
||||
{ \
|
||||
_dl_correct_cache_id = envline[16] == '5' ? 2 : 3; \
|
||||
break; \
|
||||
}
|
||||
|
||||
/* Extra unsecure variables. */
|
||||
#define EXTRA_UNSECURE_ENVVARS "LD_AOUT_LIBRARY_PATH", "LD_AOUT_PRELOAD"
|
||||
/* Extra unsecure variables. The names are all stuffed in a single
|
||||
string which means they have to be terminated with a '\0' explicitly. */
|
||||
#define EXTRA_UNSECURE_ENVVARS \
|
||||
"LD_AOUT_LIBRARY_PATH\0" \
|
||||
"LD_AOUT_PRELOAD\0"
|
||||
|
||||
#endif /* dl-librecon.h */
|
||||
|
Loading…
Reference in New Issue
Block a user