Attachment 251933 Details for Bug 342619 – fix

[patch] fix

glibc-2.11-fix-unsecure_envvars.patch (text/plain), 3.57 KB, created by Pavel Labushev on 2010-10-25 11:23:34 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Pavel Labushev

Created: 2010-10-25 11:23:34 UTC

Size: 3.57 KB

patch

obsolete

>--- glibc-2.11.2/elf/rtld.c.orig	2010-10-25 18:02:52.024000002 +0800
>+++ glibc-2.11.2/elf/rtld.c	2010-10-25 18:08:12.107000002 +0800
>@@ -2507,6 +2507,60 @@
>   GLRO(dl_profile_output)
>     = &"/var/tmp\0/var/profile"[INTUSE(__libc_enable_secure) ? 9 : 0];
> 
>+  /* Extra security for SUID binaries.  Remove all dangerous environment
>+     variables.  */
>+  if (__builtin_expect (INTUSE(__libc_enable_secure), 0))
>+    {
>+      static const char unsecure_envvars[] =
>+#ifdef EXTRA_UNSECURE_ENVVARS
>+	EXTRA_UNSECURE_ENVVARS
>+#endif
>+	UNSECURE_ENVVARS;
>+      const char *nextp;
>+
>+      nextp = unsecure_envvars;
>+      do
>+	{
>+	  unsetenv (nextp);
>+	  /* We could use rawmemchr but this need not be fast.  */
>+	  nextp = (char *) (strchr) (nextp, '\0') + 1;
>+	}
>+      while (*nextp != '\0');
>+
>+      if (__access ("/etc/suid-debug", F_OK) != 0)
>+        {
>+	  unsetenv ("MALLOC_CHECK_");
>+	  GLRO(dl_debug_mask) = 0;
>+        }
>+
>+      if (mode != normal)
>+	_exit (5);
>+    }
>+  /* If we have to run the dynamic linker in debugging mode and the
>+     LD_DEBUG_OUTPUT environment variable is given, we write the debug
>+     messages to this file.  */
>+  else if (any_debug && debug_output != NULL)
>+    {
>+#ifdef O_NOFOLLOW
>+      const int flags = O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW;
>+#else
>+      const int flags = O_WRONLY | O_APPEND | O_CREAT;
>+#endif
>+      size_t name_len = strlen (debug_output);
>+      char buf[name_len + 12];
>+      char *startp;
>+
>+      buf[name_len + 11] = '\0';
>+      startp = _itoa (__getpid (), &buf[name_len + 11], 10, 0);
>+      *--startp = '.';
>+      startp = memcpy (startp - name_len, debug_output, name_len);
>+
>+      GLRO(dl_debug_fd) = __open (startp, flags, DEFFILEMODE);
>+      if (GLRO(dl_debug_fd) == -1)
>+	/* We use standard output if opening the file failed.  */
>+	GLRO(dl_debug_fd) = STDOUT_FILENO;
>+    }
>+
>   while ((envline = _dl_next_ld_env_entry (&runp)) != NULL)
>     {
>       size_t len = 0;
>@@ -2666,60 +2720,6 @@
> 
>   /* The caller wants this information.  */
>   *modep = mode;
>-
>-  /* Extra security for SUID binaries.  Remove all dangerous environment
>-     variables.  */
>-  if (__builtin_expect (INTUSE(__libc_enable_secure), 0))
>-    {
>-      static const char unsecure_envvars[] =
>-#ifdef EXTRA_UNSECURE_ENVVARS
>-	EXTRA_UNSECURE_ENVVARS
>-#endif
>-	UNSECURE_ENVVARS;
>-      const char *nextp;
>-
>-      nextp = unsecure_envvars;
>-      do
>-	{
>-	  unsetenv (nextp);
>-	  /* We could use rawmemchr but this need not be fast.  */
>-	  nextp = (char *) (strchr) (nextp, '\0') + 1;
>-	}
>-      while (*nextp != '\0');
>-
>-      if (__access ("/etc/suid-debug", F_OK) != 0)
>-        {
>-	  unsetenv ("MALLOC_CHECK_");
>-	  GLRO(dl_debug_mask) = 0;
>-        }
>-
>-      if (mode != normal)
>-	_exit (5);
>-    }
>-  /* If we have to run the dynamic linker in debugging mode and the
>-     LD_DEBUG_OUTPUT environment variable is given, we write the debug
>-     messages to this file.  */
>-  else if (any_debug && debug_output != NULL)
>-    {
>-#ifdef O_NOFOLLOW
>-      const int flags = O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW;
>-#else
>-      const int flags = O_WRONLY | O_APPEND | O_CREAT;
>-#endif
>-      size_t name_len = strlen (debug_output);
>-      char buf[name_len + 12];
>-      char *startp;
>-
>-      buf[name_len + 11] = '\0';
>-      startp = _itoa (__getpid (), &buf[name_len + 11], 10, 0);
>-      *--startp = '.';
>-      startp = memcpy (startp - name_len, debug_output, name_len);
>-
>-      GLRO(dl_debug_fd) = __open (startp, flags, DEFFILEMODE);
>-      if (GLRO(dl_debug_fd) == -1)
>-	/* We use standard output if opening the file failed.  */
>-	GLRO(dl_debug_fd) = STDOUT_FILENO;
>-    }
> }
> 
>

Actions: View | Diff

Attachments on bug 342619: 251933 | 252129