
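--- a/glibc-2.11.2/elf/rtld.c.orig
+++ b/glibc-2.11.2/elf/rtld.c.orig
@@ -2507,6 +2507,60 @@
   GLRO(dl_profile_output)
     = &"/var/tmp\0/var/profile"[INTUSE(__libc_enable_secure) ? 9 : 0];
 
+  /* Extra security for SUID binaries.  Remove all dangerous environment
+     variables.  */
+  if (__builtin_expect (INTUSE(__libc_enable_secure), 0))
+    {
+      static const char unsecure_envvars[] =
+#ifdef EXTRA_UNSECURE_ENVVARS
+	EXTRA_UNSECURE_ENVVARS
+#endif
+	UNSECURE_ENVVARS;
+      const char *nextp;
+
+      nextp = unsecure_envvars;
+      do
+	{
+	  unsetenv (nextp);
+	  /* We could use rawmemchr but this need not be fast.  */
+	  nextp = (char *) (strchr) (nextp, '\0') + 1;
+	}
+      while (*nextp != '\0');
+
+      if (__access ("/etc/suid-debug", F_OK) != 0)
+        {
+	  unsetenv ("MALLOC_CHECK_");
+	  GLRO(dl_debug_mask) = 0;
+        }
+
+      if (mode != normal)
+	_exit (5);
+    }
+  /* If we have to run the dynamic linker in debugging mode and the
+     LD_DEBUG_OUTPUT environment variable is given, we write the debug
+     messages to this file.  */
+  else if (any_debug && debug_output != NULL)
+    {
+#ifdef O_NOFOLLOW
+      const int flags = O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW;
+#else
+      const int flags = O_WRONLY | O_APPEND | O_CREAT;
+#endif
+      size_t name_len = strlen (debug_output);
+      char buf[name_len + 12];
+      char *startp;
+
+      buf[name_len + 11] = '\0';
+      startp = _itoa (__getpid (), &buf[name_len + 11], 10, 0);
+      *--startp = '.';
+      startp = memcpy (startp - name_len, debug_output, name_len);
+
+      GLRO(dl_debug_fd) = __open (startp, flags, DEFFILEMODE);
+      if (GLRO(dl_debug_fd) == -1)
+	/* We use standard output if opening the file failed.  */
+	GLRO(dl_debug_fd) = STDOUT_FILENO;
+    }
+
   while ((envline = _dl_next_ld_env_entry (&runp)) != NULL)
     {
       size_t len = 0;
@@ -2666,60 +2720,6 @@
 
   /* The caller wants this information.  */
   *modep = mode;
-
-  /* Extra security for SUID binaries.  Remove all dangerous environment
-     variables.  */
-  if (__builtin_expect (INTUSE(__libc_enable_secure), 0))
-    {
-      static const char unsecure_envvars[] =
-#ifdef EXTRA_UNSECURE_ENVVARS
-	EXTRA_UNSECURE_ENVVARS
-#endif
-	UNSECURE_ENVVARS;
-      const char *nextp;
-
-      nextp = unsecure_envvars;
-      do
-	{
-	  unsetenv (nextp);
-	  /* We could use rawmemchr but this need not be fast.  */
-	  nextp = (char *) (strchr) (nextp, '\0') + 1;
-	}
-      while (*nextp != '\0');
-
-      if (__access ("/etc/suid-debug", F_OK) != 0)
-        {
-	  unsetenv ("MALLOC_CHECK_");
-	  GLRO(dl_debug_mask) = 0;
-        }
-
-      if (mode != normal)
-	_exit (5);
-    }
-  /* If we have to run the dynamic linker in debugging mode and the
-     LD_DEBUG_OUTPUT environment variable is given, we write the debug
-     messages to this file.  */
-  else if (any_debug && debug_output != NULL)
-    {
-#ifdef O_NOFOLLOW
-      const int flags = O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW;
-#else
-      const int flags = O_WRONLY | O_APPEND | O_CREAT;
-#endif
-      size_t name_len = strlen (debug_output);
-      char buf[name_len + 12];
-      char *startp;
-
-      buf[name_len + 11] = '\0';
-      startp = _itoa (__getpid (), &buf[name_len + 11], 10, 0);
-      *--startp = '.';
-      startp = memcpy (startp - name_len, debug_output, name_len);
-
-      GLRO(dl_debug_fd) = __open (startp, flags, DEFFILEMODE);
-      if (GLRO(dl_debug_fd) == -1)
-	/* We use standard output if opening the file failed.  */
-	GLRO(dl_debug_fd) = STDOUT_FILENO;
-    }
 }
 
 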
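Review bot: With the secure-mode block placed ahead of the `_dl_next_ld_env_entry` loop, its `if (mode != normal) _exit (5);` check and the `else if (any_debug && debug_output != NULL)` branch now test their variables before that loop has run. If `mode`, `any_debug` and `debug_output` are assigned inside the loop (its body is outside both hunks, so this is inferred from `*modep = mode;` following it), both tests only ever see initial values: a set-id process would no longer exit on a non-normal mode, and the LD_DEBUG_OUTPUT file would never be opened for ordinary processes. `GLRO(dl_debug_mask) = 0;` has the same ordering problem if the loop can set the mask again afterwards. I would move only the `unsetenv` loop over `unsecure_envvars` ahead of the parsing loop and leave the `/etc/suid-debug` check, the `mode` check and the debug-file open after it, with a comment such as `/* Strip unsafe variables before any LD_* entry is parsed.  */` on the moved part.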

Return to bug 342619