diff options
| author | Ulrich Drepper <drepper@redhat.com> | 2000-09-26 09:46:55 +0000 |
|---|---|---|
| committer | Ulrich Drepper <drepper@redhat.com> | 2000-09-26 09:46:55 +0000 |
| commit | 74955460c5b9f23d7783395ce2478f5b7c5fd876 (patch) | |
| tree | e0ddae614d73c52ebaac1e65d3d9fbaf6aafe4e6 | |
| parent | 316ca440b070114ba877455c3dbbcdc1b20e4f33 (diff) | |
Update.
2000-09-26 Thorsten Kukuk <kukuk@suse.de>
* nscd/dbg_log.c (dbg_log): Add missing format string.
* catgets/catgets.c (catopen): Use getenv instead of __secure_getenv
since we filter out the variable once.
* iconv/gconv_conf.c (__gconv_get_path): Likewise.
* locale/newlocale.c (__newlocale): Likewise.
* locale/setlocale.c (setlocale): Likewise.
* malloc/malloc.c (ptmalloc_init): Likewise.
* resolv/res_hconf.c (_res_hconf_init): Likewise.
* resolv/res_init.c (__res_vinit): Likewise.
* time/tzfile.c (__tzfile_read): Likewise.
* sysdeps/generic/unsecvars.h: New file.
* elf/dl-support.c (non_dynamic_init): Use it here to remove variables.
* elf/rtld.c (process_envvars): Likewise.
* elf/Makefile (distribute): Add unsecvars.h.
| -rw-r--r-- | ChangeLog | 18 | ||||
| -rw-r--r-- | catgets/catgets.c | 2 | ||||
| -rw-r--r-- | elf/Makefile | 2 | ||||
| -rw-r--r-- | elf/dl-support.c | 22 | ||||
| -rw-r--r-- | elf/rtld.c | 5 | ||||
| -rw-r--r-- | iconv/gconv_conf.c | 2 | ||||
| -rw-r--r-- | locale/newlocale.c | 2 | ||||
| -rw-r--r-- | locale/setlocale.c | 2 | ||||
| -rw-r--r-- | malloc/malloc.c | 2 | ||||
| -rw-r--r-- | nscd/dbg_log.c | 4 | ||||
| -rw-r--r-- | resolv/res_hconf.c | 2 | ||||
| -rw-r--r-- | resolv/res_init.c | 4 | ||||
| -rw-r--r-- | sysdeps/generic/unsecvars.h | 11 | ||||
| -rw-r--r-- | time/tzfile.c | 4 |
14 files changed, 69 insertions, 13 deletions
@@ -1,5 +1,23 @@ +2000-09-26 Thorsten Kukuk <kukuk@suse.de> + + * nscd/dbg_log.c (dbg_log): Add missing format string. + 2000-09-26 Ulrich Drepper <drepper@redhat.com> + * catgets/catgets.c (catopen): Use getenv instead of __secure_getenv + since we filter out the variable once. + * iconv/gconv_conf.c (__gconv_get_path): Likewise. + * locale/newlocale.c (__newlocale): Likewise. + * locale/setlocale.c (setlocale): Likewise. + * malloc/malloc.c (ptmalloc_init): Likewise. + * resolv/res_hconf.c (_res_hconf_init): Likewise. + * resolv/res_init.c (__res_vinit): Likewise. + * time/tzfile.c (__tzfile_read): Likewise. + * sysdeps/generic/unsecvars.h: New file. + * elf/dl-support.c (non_dynamic_init): Use it here to remove variables. + * elf/rtld.c (process_envvars): Likewise. + * elf/Makefile (distribute): Add unsecvars.h. + * misc/daemon.c (daemon): Fail if !noclose and we cannot open the real /dev/null device. diff --git a/catgets/catgets.c b/catgets/catgets.c index cad515d81a..5014f86b01 100644 --- a/catgets/catgets.c +++ b/catgets/catgets.c @@ -56,7 +56,7 @@ catopen (const char *cat_name, int flag) env_var_len = strlen (env_var) + 1; - nlspath = __secure_getenv ("NLSPATH"); + nlspath = getenv ("NLSPATH"); if (nlspath != NULL && *nlspath != '\0') { /* Append the system dependent directory. */ diff --git a/elf/Makefile b/elf/Makefile index 0fc81e021f..84815b30ea 100644 --- a/elf/Makefile +++ b/elf/Makefile @@ -46,7 +46,7 @@ distribute := $(rtld-routines:=.c) dynamic-link.h do-rel.h dl-machine.h \ testobj1.c testobj2.c testobj3.c testobj4.c testobj5.c \ testobj6.c testobj1_1.c failobj.c unloadmod.c \ ldconfig.h ldconfig.c cache.c readlib.c readelflib.c \ - dep1.c dep2.c dep3.c dep4.c dl-dtprocnum.h \ + dep1.c dep2.c dep3.c dep4.c dl-dtprocnum.h unsecvars.h \ vismain.c vismod1.c vismod2.c vismod3.c \ constload2.c constload3.c filtmod1.c filtmod2.c \ nodlopenmod.c nodelete.c nodelmod1.c nodelmod2.c \ diff --git a/elf/dl-support.c b/elf/dl-support.c index 50b37e8166..75d7b1926a 100644 --- a/elf/dl-support.c +++ b/elf/dl-support.c @@ -27,6 +27,8 @@ #include <ldsodefs.h> #include <dl-machine.h> #include <bits/libc-lock.h> +#include <dl-librecon.h> +#include <unsecvars.h> extern char *__progname; char **_dl_argv = &__progname; /* This is checked for some error messages. */ @@ -125,6 +127,26 @@ non_dynamic_init (void) _dl_dynamic_weak = *(getenv ("LD_DYNAMIC_WEAK") ?: "") == '\0'; + if (__libc_enable_secure) + { + static const char *unsecure_envvars[] = + { + UNSECURE_ENVVARS, +#ifdef EXTRA_UNSECURE_ENVVARS + EXTRA_UNSECURE_ENVVARS +#endif + }; + size_t cnt; + + for (cnt = 0; + cnt < sizeof (unsecure_envvars) / sizeof (unsecure_envvars[0]); + ++cnt) + unsetenv (unsecure_envvars[cnt]); + + if (__access ("/etc/suid-debug", F_OK) != 0) + unsetenv ("MALLOC_CHECK_"); + } + #ifdef DL_PLATFORM_INIT DL_PLATFORM_INIT; #endif diff --git a/elf/rtld.c b/elf/rtld.c index 18ff312baa..d17d83961d 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -30,6 +30,7 @@ #include <bits/libc-lock.h> #include "dynamic-link.h" #include "dl-librecon.h" +#include <unsecvars.h> #include <assert.h> @@ -1465,6 +1466,7 @@ process_envvars (enum mode *modep, int *lazyp) { static const char *unsecure_envvars[] = { + UNSECURE_ENVVARS, #ifdef EXTRA_UNSECURE_ENVVARS EXTRA_UNSECURE_ENVVARS #endif @@ -1486,6 +1488,9 @@ process_envvars (enum mode *modep, int *lazyp) cnt < sizeof (unsecure_envvars) / sizeof (unsecure_envvars[0]); ++cnt) unsetenv (unsecure_envvars[cnt]); + + if (__access ("/etc/suid-debug", F_OK) != 0) + unsetenv ("MALLOC_CHECK_"); } /* The name of the object to profile cannot be empty. */ diff --git a/iconv/gconv_conf.c b/iconv/gconv_conf.c index 4746f43bbb..57c832d6a9 100644 --- a/iconv/gconv_conf.c +++ b/iconv/gconv_conf.c @@ -420,7 +420,7 @@ __gconv_get_path (void) char *cwd; size_t cwdlen; - user_path = __secure_getenv ("GCONV_PATH"); + user_path = getenv ("GCONV_PATH"); if (user_path == NULL) { /* No user-defined path. Make a modifiable copy of the diff --git a/locale/newlocale.c b/locale/newlocale.c index 5c0d7ba46a..cd40943ccc 100644 --- a/locale/newlocale.c +++ b/locale/newlocale.c @@ -91,7 +91,7 @@ __newlocale (int category_mask, const char *locale, __locale_t base) locale_path = NULL; locale_path_len = 0; - locpath_var = __secure_getenv ("LOCPATH"); + locpath_var = getenv ("LOCPATH"); if (locpath_var != NULL && locpath_var[0] != '\0') if (__argz_create_sep (locpath_var, ':', &locale_path, &locale_path_len) != 0) diff --git a/locale/setlocale.c b/locale/setlocale.c index 03456fba71..c3e5066c35 100644 --- a/locale/setlocale.c +++ b/locale/setlocale.c @@ -239,7 +239,7 @@ setlocale (int category, const char *locale) locale_path = NULL; locale_path_len = 0; - locpath_var = __secure_getenv ("LOCPATH"); + locpath_var = getenv ("LOCPATH"); if (locpath_var != NULL && locpath_var[0] != '\0') if (__argz_create_sep (locpath_var, ':', &locale_path, &locale_path_len) != 0) diff --git a/malloc/malloc.c b/malloc/malloc.c index 46a4db221d..9a8a087560 100644 --- a/malloc/malloc.c +++ b/malloc/malloc.c @@ -1722,7 +1722,7 @@ ptmalloc_init __MALLOC_P((void)) mALLOPt(M_MMAP_MAX, atoi(s)); } s = getenv("MALLOC_CHECK_"); - if(s && (! secure || access ("/etc/suid-debug", F_OK) == 0)) { + if(s) { if(s[0]) mALLOPt(M_CHECK_ACTION, (int)(s[0] - '0')); __malloc_check_init(); } diff --git a/nscd/dbg_log.c b/nscd/dbg_log.c index 21997cdcf4..69252592a8 100644 --- a/nscd/dbg_log.c +++ b/nscd/dbg_log.c @@ -1,4 +1,4 @@ -/* Copyright (c) 1998 Free Software Foundation, Inc. +/* Copyright (c) 1998, 2000 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1998. @@ -61,7 +61,7 @@ dbg_log (const char *fmt,...) else { snprintf (msg, sizeof (msg), "%d: %s", getpid (), msg2); - syslog (LOG_NOTICE, msg); + syslog (LOG_NOTICE, "%s", msg); } va_end (ap); } diff --git a/resolv/res_hconf.c b/resolv/res_hconf.c index 243cfbe0ec..cb5fe38a51 100644 --- a/resolv/res_hconf.c +++ b/resolv/res_hconf.c @@ -327,7 +327,7 @@ _res_hconf_init (void) memset (&_res_hconf, '\0', sizeof (_res_hconf)); - hconf_name = __secure_getenv (ENV_HOSTCONF); + hconf_name = getenv (ENV_HOSTCONF); if (hconf_name == NULL) hconf_name = _PATH_HOSTCONF; diff --git a/resolv/res_init.c b/resolv/res_init.c index e0ea6edc3a..fa60b77c81 100644 --- a/resolv/res_init.c +++ b/resolv/res_init.c @@ -185,7 +185,7 @@ __res_vinit(res_state statp, int preinit) { #endif /* Allow user to override the local domain definition */ - if ((cp = __secure_getenv("LOCALDOMAIN")) != NULL) { + if ((cp = getenv("LOCALDOMAIN")) != NULL) { (void)strncpy(statp->defdname, cp, sizeof(statp->defdname) - 1); statp->defdname[sizeof(statp->defdname) - 1] = '\0'; haveenv++; @@ -423,7 +423,7 @@ __res_vinit(res_state statp, int preinit) { #endif /* !RFC1535 */ } - if ((cp = __secure_getenv("RES_OPTIONS")) != NULL) + if ((cp = getenv("RES_OPTIONS")) != NULL) res_setoptions(statp, cp, "env"); statp->options |= RES_INIT; return (0); diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h new file mode 100644 index 0000000000..57b3368b6c --- /dev/null +++ b/sysdeps/generic/unsecvars.h @@ -0,0 +1,11 @@ +/* Environment variable to be removed for SUID programs. */ +#define UNSECURE_ENVVARS \ + "GCONV_PATH", \ + "LOCALDOMAIN", \ + "LOCPATH", \ + "MALLOC_TRACE", \ + "NLSPATH", \ + "RESOLV_HOST_CONF" \ + "RES_OPTIONS", \ + "TMPDIR", \ + "TZDIR" diff --git a/time/tzfile.c b/time/tzfile.c index a2974033d4..c55ad5c509 100644 --- a/time/tzfile.c +++ b/time/tzfile.c @@ -1,4 +1,4 @@ -/* Copyright (C) 1991,92,93,95,96,97,98,99 Free Software Foundation, Inc. +/* Copyright (C) 1991,92,93,95,96,97,98,99,2000 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -130,7 +130,7 @@ __tzfile_read (const char *file, size_t extra, char **extrap) unsigned int len, tzdir_len; char *new, *tmp; - tzdir = __secure_getenv ("TZDIR"); + tzdir = getenv ("TZDIR"); if (tzdir == NULL || *tzdir == '\0') { tzdir = default_tzdir; |