aboutsummaryrefslogtreecommitdiff
path: root/elf/rtld.c
diff options
context:
space:
mode:
authorUlrich Drepper <drepper@redhat.com>1998-07-08 22:53:56 +0000
committerUlrich Drepper <drepper@redhat.com>1998-07-08 22:53:56 +0000
commit4bae55673314ecad6127cc156b1e5e5bb3c88b57 (patch)
tree0852b2d8bcf4eaf45fad45bac6ae5d51955dbad9 /elf/rtld.c
parenta3d6fb9b428a51048b31eacd6fe7fad7095ccfd5 (diff)
downloadglibc-4bae55673314ecad6127cc156b1e5e5bb3c88b57.tar
glibc-4bae55673314ecad6127cc156b1e5e5bb3c88b57.tar.gz
glibc-4bae55673314ecad6127cc156b1e5e5bb3c88b57.tar.bz2
glibc-4bae55673314ecad6127cc156b1e5e5bb3c88b57.zip
Update.
1998-07-08 22:18 Ulrich Drepper <drepper@cygnus.com> * elf/Versions: Add _dl_mcount_wrapper_check. * elf/dlfcn.h (DL_CALL_FCT): Don't test _dl_profile_map, simply use _dl_mcount_wrapper_check. * iconv/skeleton.c: Use DL_CALL_FCT, not _CALL_DL_FCT. * elf/dl-reloc.c (_dl_relocate_object): Don't declare using internal_function. * elf/ldsodefs.h: Likewise. * io/fcntl.h: Define SEEK_SET, SEEK_CUR, and SEEK_END. * libio/stdio.h: Make sure va_list is defined for X/Open. Define P_tmpdir for X/Open. * posix/regex.h: Fix typo. * posix/unistd.h: Define intptr_t if not already happened. Add pthread_atfork prototype. * sysdeps/generic/bits/types.h: Define __intptr_t. * sysdeps/unix/sysv/linux/alpha/bits/types.h: Likewise. * sysdeps/unix/sysv/linux/bits/types.h: Likewise. * sysdeps/unix/sysv/linux/bits/mips/types.h: Likewise. * sysdeps/unix/sysv/linux/bits/sparc/sparc64/types.h: Likewise. * sysdeps/unix/sysv/sysv4/solaris2/bits/types.h: Likewise. * sysdeps/wordsize-32/stdint.h: Don't define intptr_t if already done. * sysdeps/wordsize-64/stdint.h: Likewise. * posix/bits/posix1_lim.h: Define _POSIX_CLOCKRES_MIN. * signal/Makefile (headers): Add bits/sigthread.h. * signal/signal.h: Include bits/sigthread.h. * sysdeps/generic/bits/sigthread.h: New file. * stdlib/stdlib.h: Declare rand_r use __USE_POSIX. * sysdeps/generic/bits/confname.h: Define _PC_FILESIZEBITS. * sysdeps/posix/pathconf.c: Handle _PC_FILESIZEBITS. * sysdeps/unix/sysv/linux/alpha/fpathconf.c: New file. * sysdeps/unix/sysv/linux/alpha/pathconf.c: New file. * sysdeps/generic/bits/dlfcn.h: Define RTLD_LOCAL. * elf/rtld.c: Remove preloading and loadpath variables in SUID programs. * sysdeps/generic/dl-sysdep.c: Define unsetenv. * sysdeps/unix/sysv/linux/i386/dl-librecon.h: Define other envvar names. * sysdeps/unix/sysv/linux/bits/errno.h: Define ECANCELED. * sysdeps/unix/sysv/linux/bits/fcntl.h: Define O_RSYNC and O_DSYNC. Remove O_READ and O_WRITE definition. * sysdeps/unix/sysv/linux/bits/resource.h: Define RLIM_SAVED_MAX and RLIM_SAVED_CUR. * sysdeps/unix/sysv/linux/fstatvfs.h: Handle UFS filesystem. 1998-07-06 Andreas Schwab <schwab@issan.informatik.uni-dortmund.de> * Makerules ($(common-objpfx)sysd-versions): Expect awk script in scripts directory. Pass move-if-change to awk. (common-generated): Add $(version-maps) and sysd-versions. * versions.awk: Moved to... * scripts/versions.awk: ... here. Use move-if-change to void touching unchanged files. Print "version-maps = ..." instead of "all-version-maps = ..." and without $(common-objpfx). Explain expected variable names. * Makefile (distribute): Updated. 1998-07-06 Andreas Schwab <schwab@issan.informatik.uni-dortmund.de> * misc/getttyent.c (getttyent): Don't return with locked stream. * misc/mntent_r.c (__getmntent_r): Likewise. 1998-07-07 18:24 Ulrich Drepper <drepper@cygnus.com> * libio/fileops.c (_IO_do_write): Don't shrink wwrite buffer to zero if stream is line buffered. (_io_file_overflow): Likewise. * libio/libio.h (_IO_putc_unlocked): Make sure that for line-buffered streams writing '\n' flushes the string.
Diffstat (limited to 'elf/rtld.c')
-rw-r--r--elf/rtld.c23
1 files changed, 23 insertions, 0 deletions
diff --git a/elf/rtld.c b/elf/rtld.c
index df5db230f4..f1b612166d 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -1193,6 +1193,29 @@ process_envvars (enum mode *modep, int *lazyp)
}
}
+ /* Extra security for SUID binaries. Remove all dangerous environment
+ variables. */
+ if (__libc_enable_secure)
+ {
+ static const char *unsecure_envvars[] =
+ {
+#ifdef EXTRA_UNSECURE_ENVVARS
+ EXTRA_UNSECURE_ENVVARS
+#endif
+ };
+ size_t cnt;
+
+ if (preloadlist != NULL)
+ unsetenv ("LD_PRELOAD");
+ if (library_path != NULL)
+ unsetenv ("LD_LIBRARY_PATH");
+
+ for (cnt = 0;
+ cnt < sizeof (unsecure_envvars) / sizeof (unsecure_envvars[0]);
+ ++cnt)
+ unsetenv (unsecure_envvars[cnt]);
+ }
+
/* If we have to run the dynamic linker in debugging mode and the
LD_DEBUG_OUTPUT environment variable is given, we write the debug
messages to this file. */