From fdd11d6cc0f4c75f75c62fb7d419d157ce00c956 Mon Sep 17 00:00:00 2001 From: =?utf-8?q?Diego=20Elio=20'Flameeyes'=20Petten=C3=B2?= Date: Tue, 7 Jul 2009 20:51:53 +0200 Subject: [PATCH] Remove exploitable LD_BIND_NOW hack. Instead of trying to re-execute pulseaudio itself with LD_BIND_NOW set, just find the correct flag for the linker to request immediate bindings (all ELF files support that option), and use that when linking the daemon. Reduce the amount of compiled and executed code as well. --- src/Makefile.am | 4 ++-- src/daemon/main.c | 19 ------------------- 2 files changed, 2 insertions(+), 21 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index 2ac4f3d..7d1c431 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -147,9 +147,9 @@ PREOPEN_LIBS = $(modlibexec_LTLIBRARIES) endif if FORCE_PREOPEN -pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -dlpreopen force $(foreach f,$(PREOPEN_LIBS),-dlpreopen $(f)) +pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -Wl,-z,now -dlpreopen force $(foreach f,$(PREOPEN_LIBS),-dlpreopen $(f)) else -pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -dlopen force $(foreach f,$(PREOPEN_LIBS),-dlopen $(f)) +pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -Wl,-z,now -dlopen force $(foreach f,$(PREOPEN_LIBS),-dlopen $(f)) endif if HAVE_POLKIT diff --git a/src/daemon/main.c b/src/daemon/main.c index 4276d1d..c788917 100644 --- a/src/daemon/main.c +++ b/src/daemon/main.c @@ -340,25 +340,6 @@ int main(int argc, char *argv[]) { #endif -#if defined(__linux__) && defined(__OPTIMIZE__) - /* - Disable lazy relocations to make usage of external libraries - more deterministic for our RT threads. We abuse __OPTIMIZE__ as - a check whether we are a debug build or not. - */ - - if (!getenv("LD_BIND_NOW")) { - char *rp; - - /* We have to execute ourselves, because the libc caches the - * value of $LD_BIND_NOW on initialization. */ - - putenv(pa_xstrdup("LD_BIND_NOW=1")); - pa_assert_se(rp = pa_readlink("/proc/self/exe")); - pa_assert_se(execv(rp, argv) == 0); - } -#endif - #ifdef HAVE_GETUID real_root = getuid() == 0; suid_root = !real_root && geteuid() == 0; -- 1.6.3.3