Blame SOURCES/libffi-3.1-libffi_tmpdir.patch
|
 |
0159ab |
Most temp file directories need to be hardened against execution, but
|
|
|
0159ab |
libffi needs execute privileges. Add a libffi-specific temp directory
|
|
|
0159ab |
that can be set up by sysadmins as needed with suitable permissions.
|
|
|
0159ab |
This both ensures that libffi will have a valid temp directory to use
|
|
|
0159ab |
as well as preventing attempts to access other directories.
|
|
|
0159ab |
|
|
|
0159ab |
diff -rup a/src/closures.c b/src/closures.c
|
|
|
0159ab |
--- a/src/closures.c 2014-05-11 09:54:19.000000000 -0400
|
|
|
0159ab |
+++ b/src/closures.c 2020-04-29 20:50:00.454853909 -0400
|
|
|
0159ab |
@@ -362,6 +362,7 @@ static struct
|
|
|
0159ab |
const char *arg;
|
|
|
0159ab |
int repeat;
|
|
|
0159ab |
} open_temp_exec_file_opts[] = {
|
|
|
0159ab |
+ { open_temp_exec_file_env, "LIBFFI_TMPDIR", 0 },
|
|
|
0159ab |
{ open_temp_exec_file_env, "TMPDIR", 0 },
|
|
|
0159ab |
{ open_temp_exec_file_dir, "/tmp", 0 },
|
|
|
0159ab |
{ open_temp_exec_file_dir, "/var/tmp", 0 },
|