Gentoo's Bugzilla – Attachment 251933 Details for
Bug 342619
sys-libs/glibc fails to sanitize environment for setuid binaries
[patch]
fix
glibc-2.11-fix-unsecure_envvars.patch (text/plain), 3.57 KB, created by
Pavel Labushev
on 2010-10-25 11:23:34 UTC
Description:
fix
Filename:
MIME Type:
Creator:
Pavel Labushev
Created:
2010-10-25 11:23:34 UTC
Size:
3.57 KB
patch
obsolete
>--- glibc-2.11.2/elf/rtld.c.orig 2010-10-25 18:02:52.024000002 +0800
>+++ glibc-2.11.2/elf/rtld.c 2010-10-25 18:08:12.107000002 +0800
>@@ -2507,6 +2507,60 @@
> GLRO(dl_profile_output)
> = &"/var/tmp\0/var/profile"[INTUSE(__libc_enable_secure) ? 9 : 0];
>
>+ /* Extra security for SUID binaries. Remove all dangerous environment
>+ variables. */
>+ if (__builtin_expect (INTUSE(__libc_enable_secure), 0))
>+ {
>+ static const char unsecure_envvars[] =
>+#ifdef EXTRA_UNSECURE_ENVVARS
>+ EXTRA_UNSECURE_ENVVARS
>+#endif
>+ UNSECURE_ENVVARS;
>+ const char *nextp;
>+
>+ nextp = unsecure_envvars;
>+ do
>+ {
>+ unsetenv (nextp);
>+ /* We could use rawmemchr but this need not be fast. */
>+ nextp = (char *) (strchr) (nextp, '\0') + 1;
>+ }
>+ while (*nextp != '\0');
>+
>+ if (__access ("/etc/suid-debug", F_OK) != 0)
>+ {
>+ unsetenv ("MALLOC_CHECK_");
>+ GLRO(dl_debug_mask) = 0;
>+ }
>+
>+ if (mode != normal)
>+ _exit (5);
>+ }
>+ /* If we have to run the dynamic linker in debugging mode and the
>+ LD_DEBUG_OUTPUT environment variable is given, we write the debug
>+ messages to this file. */
>+ else if (any_debug && debug_output != NULL)
>+ {
>+#ifdef O_NOFOLLOW
>+ const int flags = O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW;
>+#else
>+ const int flags = O_WRONLY | O_APPEND | O_CREAT;
>+#endif
>+ size_t name_len = strlen (debug_output);
>+ char buf[name_len + 12];
>+ char *startp;
>+
>+ buf[name_len + 11] = '\0';
>+ startp = _itoa (__getpid (), &buf[name_len + 11], 10, 0);
>+ *--startp = '.';
>+ startp = memcpy (startp - name_len, debug_output, name_len);
>+
>+ GLRO(dl_debug_fd) = __open (startp, flags, DEFFILEMODE);
>+ if (GLRO(dl_debug_fd) == -1)
>+ /* We use standard output if opening the file failed. */
>+ GLRO(dl_debug_fd) = STDOUT_FILENO;
>+ }
>+
> while ((envline = _dl_next_ld_env_entry (&runp)) != NULL)
> {
> size_t len = 0;
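Review bot: The `if (mode != normal) _exit (5);` check and the `else if (any_debug && debug_output != NULL)` branch now run before the `_dl_next_ld_env_entry` loop, so they only see the values those variables hold on entry to the function. The loop body is outside the hunk, but if it is where `mode`, `any_debug` and `debug_output` are assigned from LD_* variables, two things regress. A setuid process whose mode is changed by a variable not listed in `UNSECURE_ENVVARS` no longer reaches `_exit (5)`, and LD_DEBUG_OUTPUT stops opening its file for ordinary processes. I would hoist only the environment scrubbing (the `unsetenv` loop and `unsetenv ("MALLOC_CHECK_")`) above the loop and leave the `dl_debug_mask` reset, the `mode` check and the debug-output branch after it, next to `*modep = mode;`. A comment on the hoisted part such as `/* Scrub before parsing so the loop below never sees unsafe entries. */` would record why the order matters.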
>@@ -2666,60 +2720,6 @@
>
> /* The caller wants this information. */
> *modep = mode;
>-
>- /* Extra security for SUID binaries. Remove all dangerous environment
>- variables. */
>- if (__builtin_expect (INTUSE(__libc_enable_secure), 0))
>- {
>- static const char unsecure_envvars[] =
>-#ifdef EXTRA_UNSECURE_ENVVARS
>- EXTRA_UNSECURE_ENVVARS
>-#endif
>- UNSECURE_ENVVARS;
>- const char *nextp;
>-
>- nextp = unsecure_envvars;
>- do
>- {
>- unsetenv (nextp);
>- /* We could use rawmemchr but this need not be fast. */
>- nextp = (char *) (strchr) (nextp, '\0') + 1;
>- }
>- while (*nextp != '\0');
>-
>- if (__access ("/etc/suid-debug", F_OK) != 0)
>- {
>- unsetenv ("MALLOC_CHECK_");
>- GLRO(dl_debug_mask) = 0;
>- }
>-
>- if (mode != normal)
>- _exit (5);
>- }
>- /* If we have to run the dynamic linker in debugging mode and the
>- LD_DEBUG_OUTPUT environment variable is given, we write the debug
>- messages to this file. */
>- else if (any_debug && debug_output != NULL)
>- {
>-#ifdef O_NOFOLLOW
>- const int flags = O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW;
>-#else
>- const int flags = O_WRONLY | O_APPEND | O_CREAT;
>-#endif
>- size_t name_len = strlen (debug_output);
>- char buf[name_len + 12];
>- char *startp;
>-
>- buf[name_len + 11] = '\0';
>- startp = _itoa (__getpid (), &buf[name_len + 11], 10, 0);
>- *--startp = '.';
>- startp = memcpy (startp - name_len, debug_output, name_len);
>-
>- GLRO(dl_debug_fd) = __open (startp, flags, DEFFILEMODE);
>- if (GLRO(dl_debug_fd) == -1)
>- /* We use standard output if opening the file failed. */
>- GLRO(dl_debug_fd) = STDOUT_FILENO;
>- }
> }
>
>
Attachments on
bug 342619
: 251933 |
252129