|
 |
b40826 |
2010-12-09 Andreas Schwab <schwab@redhat.com>
|
|
|
b40826 |
|
|
|
b40826 |
* elf/dl-object.c (_dl_new_object): Ignore origin of privileged
|
|
|
b40826 |
program.
|
|
|
b40826 |
|
|
|
b40826 |
2010-10-18 Andreas Schwab <schwab@redhat.com>
|
|
|
b40826 |
|
|
|
b40826 |
* elf/dl-open.c (dl_open_worker): Don't expand DST here, let
|
|
|
b40826 |
_dl_map_object do it.
|
|
|
b40826 |
|
|
|
b40826 |
Index: glibc-2.12-2-gc4ccff1/elf/dl-object.c
|
|
|
b40826 |
===================================================================
|
|
|
b40826 |
--- glibc-2.12-2-gc4ccff1.orig/elf/dl-object.c
|
|
|
b40826 |
+++ glibc-2.12-2-gc4ccff1/elf/dl-object.c
|
|
|
b40826 |
@@ -214,6 +214,9 @@ _dl_new_object (char *realname, const ch
|
|
|
b40826 |
out:
|
|
|
b40826 |
new->l_origin = origin;
|
|
|
b40826 |
}
|
|
|
b40826 |
+ else if (INTUSE(__libc_enable_secure) && type == lt_executable)
|
|
|
b40826 |
+ /* The origin of a privileged program cannot be trusted. */
|
|
|
b40826 |
+ new->l_origin = (char *) -1;
|
|
|
b40826 |
|
|
|
b40826 |
return new;
|
|
|
b40826 |
}
|
|
|
b40826 |
Index: glibc-2.12-2-gc4ccff1/elf/dl-open.c
|
|
|
b40826 |
===================================================================
|
|
|
b40826 |
--- glibc-2.12-2-gc4ccff1.orig/elf/dl-open.c
|
|
|
b40826 |
+++ glibc-2.12-2-gc4ccff1/elf/dl-open.c
|
|
|
b40826 |
@@ -221,35 +221,6 @@ dl_open_worker (void *a)
|
|
|
b40826 |
|
|
|
b40826 |
assert (_dl_debug_initialize (0, args->nsid)->r_state == RT_CONSISTENT);
|
|
|
b40826 |
|
|
|
b40826 |
- /* Maybe we have to expand a DST. */
|
|
|
b40826 |
- if (__builtin_expect (dst != NULL, 0))
|
|
|
b40826 |
- {
|
|
|
b40826 |
- size_t len = strlen (file);
|
|
|
b40826 |
-
|
|
|
b40826 |
- /* Determine how much space we need. We have to allocate the
|
|
|
b40826 |
- memory locally. */
|
|
|
b40826 |
- size_t required = DL_DST_REQUIRED (call_map, file, len,
|
|
|
b40826 |
- _dl_dst_count (dst, 0));
|
|
|
b40826 |
-
|
|
|
b40826 |
- /* Get space for the new file name. */
|
|
|
b40826 |
- char *new_file = (char *) alloca (required + 1);
|
|
|
b40826 |
-
|
|
|
b40826 |
- /* Generate the new file name. */
|
|
|
b40826 |
- _dl_dst_substitute (call_map, file, new_file, 0);
|
|
|
b40826 |
-
|
|
|
b40826 |
- /* If the substitution failed don't try to load. */
|
|
|
b40826 |
- if (*new_file == '\0')
|
|
|
b40826 |
- _dl_signal_error (0, "dlopen", NULL,
|
|
|
b40826 |
- N_("empty dynamic string token substitution"));
|
|
|
b40826 |
-
|
|
|
b40826 |
- /* Now we have a new file name. */
|
|
|
b40826 |
- file = new_file;
|
|
|
b40826 |
-
|
|
|
b40826 |
- /* It does not matter whether call_map is set even if we
|
|
|
b40826 |
- computed it only because of the DST. Since the path contains
|
|
|
b40826 |
- a slash the value is not used. See dl-load.c. */
|
|
|
b40826 |
- }
|
|
|
b40826 |
-
|
|
|
b40826 |
/* Load the named object. */
|
|
|
b40826 |
struct link_map *new;
|
|
|
b40826 |
args->map = new = _dl_map_object (call_map, file, 0, lt_loaded, 0,
|