summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorUlrich Drepper <drepper@redhat.com>2004-12-07 06:55:06 +0000
committerUlrich Drepper <drepper@redhat.com>2004-12-07 06:55:06 +0000
commit00a121627cc88aca49d342f674c49d6c14ae1622 (patch)
treefa317ddf265be3bf577d4096ba07b58245b30b19
parentbbd0bf24e928516d47a63d0076d9abafb8ce6e95 (diff)
2004-12-01 Jakub Jelinek <jakub@redhat.com> * elf/rtld.c (process_envvars): Don't consider LD_SHOW_AUXV and LD_DYNAMIC_WEAK if __libc_enable_secure. If __libc_enable_secure, /etc/suid-debug doesn't exist and program will be actually run, turn off all debugging. * sysdeps/generic/unsecvars.h (UNSECURE_ENVVARS): Add LD_DEBUG, LD_DYNAMIC_WEAK and LD_SHOW_AUXV.
-rw-r--r--ChangeLog9
-rw-r--r--elf/rtld.c12
-rw-r--r--sysdeps/generic/unsecvars.h3
3 files changed, 21 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 11ce0635ee..42b924247d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2004-12-01 Jakub Jelinek <jakub@redhat.com>
+
+ * elf/rtld.c (process_envvars): Don't consider LD_SHOW_AUXV
+ and LD_DYNAMIC_WEAK if __libc_enable_secure.
+ If __libc_enable_secure, /etc/suid-debug doesn't exist and
+ program will be actually run, turn off all debugging.
+ * sysdeps/generic/unsecvars.h (UNSECURE_ENVVARS): Add LD_DEBUG,
+ LD_DYNAMIC_WEAK and LD_SHOW_AUXV.
+
2004-12-06 Jakub Jelinek <jakub@redhat.com>
* time/tzset.c (tzset_internal): If + or - is seen,
diff --git a/elf/rtld.c b/elf/rtld.c
index 601fc7d53c..13f7b4f748 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -2158,7 +2158,8 @@ process_envvars (enum mode *modep)
case 9:
/* Test whether we want to see the content of the auxiliary
array passed up from the kernel. */
- if (memcmp (envline, "SHOW_AUXV", 9) == 0)
+ if (!INTUSE(__libc_enable_secure)
+ && memcmp (envline, "SHOW_AUXV", 9) == 0)
_dl_show_auxv ();
break;
@@ -2191,7 +2192,8 @@ process_envvars (enum mode *modep)
break;
}
- if (memcmp (envline, "DYNAMIC_WEAK", 12) == 0)
+ if (!INTUSE(__libc_enable_secure)
+ && memcmp (envline, "DYNAMIC_WEAK", 12) == 0)
GLRO(dl_dynamic_weak) = 1;
break;
@@ -2265,7 +2267,11 @@ process_envvars (enum mode *modep)
while (*nextp != '\0');
if (__access ("/etc/suid-debug", F_OK) != 0)
- unsetenv ("MALLOC_CHECK_");
+ {
+ unsetenv ("MALLOC_CHECK_");
+ if (mode == normal)
+ GLRO(dl_debug_mask) = 0;
+ }
}
/* If we have to run the dynamic linker in debugging mode and the
LD_DEBUG_OUTPUT environment variable is given, we write the debug
diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h
index 8a9dd43ce9..eb77b260d8 100644
--- a/sysdeps/generic/unsecvars.h
+++ b/sysdeps/generic/unsecvars.h
@@ -5,9 +5,12 @@
"LD_PRELOAD\0" \
"LD_LIBRARY_PATH\0" \
"LD_ORIGIN_PATH\0" \
+ "LD_DEBUG\0" \
"LD_DEBUG_OUTPUT\0" \
"LD_PROFILE\0" \
"LD_USE_LOAD_BIAS\0" \
+ "LD_DYNAMIC_WEAK\0" \
+ "LD_SHOW_AUXV\0" \
"GCONV_PATH\0" \
"GETCONF_DIR\0" \
"HOSTALIASES\0" \