96 lines
2.6 KiB
Diff
96 lines
2.6 KiB
Diff
commit 5451fa962cd0a90a0e2ec1d8910a559ace02bba0
|
|
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
|
|
Date: Mon Nov 6 17:25:49 2023 -0300
|
|
|
|
elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static
|
|
|
|
It mimics the ld.so behavior.
|
|
|
|
Checked on x86_64-linux-gnu.
|
|
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
|
|
|
|
Conflicts:
|
|
elf/dl-support.c
|
|
(tunables are still optional downstream,
|
|
LD_PROFILE_OUTPUT handling is still present
|
|
for static binaries)
|
|
|
|
diff --git a/elf/dl-support.c b/elf/dl-support.c
|
|
index a2e45e7b14e3a6b9..1fea55c443505890 100644
|
|
--- a/elf/dl-support.c
|
|
+++ b/elf/dl-support.c
|
|
@@ -272,8 +272,6 @@ _dl_non_dynamic_init (void)
|
|
_dl_main_map.l_phdr = GL(dl_phdr);
|
|
_dl_main_map.l_phnum = GL(dl_phnum);
|
|
|
|
- _dl_verbose = *(getenv ("LD_WARN") ?: "") == '\0' ? 0 : 1;
|
|
-
|
|
/* Set up the data structures for the system-supplied DSO early,
|
|
so they can influence _dl_init_paths. */
|
|
setup_vdso (NULL, NULL);
|
|
@@ -281,6 +279,30 @@ _dl_non_dynamic_init (void)
|
|
/* With vDSO setup we can initialize the function pointers. */
|
|
setup_vdso_pointers ();
|
|
|
|
+ if (__libc_enable_secure)
|
|
+ {
|
|
+ static const char unsecure_envvars[] =
|
|
+ UNSECURE_ENVVARS
|
|
+#ifdef EXTRA_UNSECURE_ENVVARS
|
|
+ EXTRA_UNSECURE_ENVVARS
|
|
+#endif
|
|
+ ;
|
|
+ const char *cp = unsecure_envvars;
|
|
+
|
|
+ while (cp < unsecure_envvars + sizeof (unsecure_envvars))
|
|
+ {
|
|
+ __unsetenv (cp);
|
|
+ cp = strchr (cp, '\0') + 1;
|
|
+ }
|
|
+
|
|
+#if !HAVE_TUNABLES
|
|
+ if (__access ("/etc/suid-debug", F_OK) != 0)
|
|
+ __unsetenv ("MALLOC_CHECK_");
|
|
+#endif
|
|
+}
|
|
+
|
|
+ _dl_verbose = *(getenv ("LD_WARN") ?: "") == '\0' ? 0 : 1;
|
|
+
|
|
/* Initialize the data structures for the search paths for shared
|
|
objects. */
|
|
_dl_init_paths (getenv ("LD_LIBRARY_PATH"), "LD_LIBRARY_PATH",
|
|
@@ -298,32 +320,11 @@ _dl_non_dynamic_init (void)
|
|
_dl_dynamic_weak = *(getenv ("LD_DYNAMIC_WEAK") ?: "") == '\0';
|
|
|
|
_dl_profile_output = getenv ("LD_PROFILE_OUTPUT");
|
|
+
|
|
if (_dl_profile_output == NULL || _dl_profile_output[0] == '\0')
|
|
_dl_profile_output
|
|
= &"/var/tmp\0/var/profile"[__libc_enable_secure ? 9 : 0];
|
|
|
|
- if (__libc_enable_secure)
|
|
- {
|
|
- static const char unsecure_envvars[] =
|
|
- UNSECURE_ENVVARS
|
|
-#ifdef EXTRA_UNSECURE_ENVVARS
|
|
- EXTRA_UNSECURE_ENVVARS
|
|
-#endif
|
|
- ;
|
|
- const char *cp = unsecure_envvars;
|
|
-
|
|
- while (cp < unsecure_envvars + sizeof (unsecure_envvars))
|
|
- {
|
|
- __unsetenv (cp);
|
|
- cp = (const char *) __rawmemchr (cp, '\0') + 1;
|
|
- }
|
|
-
|
|
-#if !HAVE_TUNABLES
|
|
- if (__access ("/etc/suid-debug", F_OK) != 0)
|
|
- __unsetenv ("MALLOC_CHECK_");
|
|
-#endif
|
|
- }
|
|
-
|
|
#ifdef DL_PLATFORM_INIT
|
|
DL_PLATFORM_INIT;
|
|
#endif
|