diff options
author | Ulrich Drepper <drepper@redhat.com> | 2000-05-25 05:02:35 +0000 |
---|---|---|
committer | Ulrich Drepper <drepper@redhat.com> | 2000-05-25 05:02:35 +0000 |
commit | db33f7d4aef7422140d5e19c440bb5e084fbe186 (patch) | |
tree | 6b9f917cc1cc44fe8fea1e0dc2fedd42e9289285 /elf | |
parent | acb5ee2e561276d64c6e26ef4b82f59a4db5ae90 (diff) | |
download | glibc-db33f7d4aef7422140d5e19c440bb5e084fbe186.tar glibc-db33f7d4aef7422140d5e19c440bb5e084fbe186.tar.gz glibc-db33f7d4aef7422140d5e19c440bb5e084fbe186.tar.bz2 glibc-db33f7d4aef7422140d5e19c440bb5e084fbe186.zip |
Update.
* csu/Makefile (routines): Add check_fds.
* elf/rtld.c (dl_main): Call __libc_check_standard_fds for SUID
binaries. Add various __builtin_expect.
* sysdeps/generic/libc-start.c: Move check_fds and helper functions...
* sysdeps/generic/check_fds.c: ...here. New file.
* malloc/malloc.c (ptmalloc_init): Only enable debugging for SUID
binaries if file /etc/suid-debug is available.
Diffstat (limited to 'elf')
-rw-r--r-- | elf/rtld.c | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/elf/rtld.c b/elf/rtld.c index 5c3dd43abf..b41a90f3ec 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -52,6 +52,9 @@ extern void *_dl_sysdep_read_whole_file (const char *filename, size_t *filesize_ptr, int mmap_prot); +/* Protec SUID program against misuse of file descriptors. */ +extern void __libc_check_standard_fds (void); + /* Helper function to handle errors while resolving symbols. */ static void print_unresolved (int errcode, const char *objname, const char *errsting); @@ -396,6 +399,12 @@ dl_main (const ElfW(Phdr) *phdr, hp_timing_t diff; #endif + /* First thing, if this is a SUID program we make sure that FDs 0, + 1, and 2 are allocated. If necessary we are doing it ourself. + If it is not possible we stop the program. */ + if (__builtin_expect (__libc_enable_secure, 0)) + __libc_check_standard_fds (); + /* Process the environment variable which control the behaviour. */ process_envvars (&mode, &_dl_lazy); @@ -673,7 +682,7 @@ of this helper program; chances are you did not intend to run this program.\n\ preloads = NULL; npreloads = 0; - if (preloadlist) + if (__builtin_expect (preloadlist != NULL, 0)) { /* The LD_PRELOAD environment variable gives list of libraries separated by white space or colons that are loaded before the @@ -687,7 +696,8 @@ of this helper program; chances are you did not intend to run this program.\n\ while ((p = strsep (&list, " :")) != NULL) if (p[0] != '\0' - && (! __libc_enable_secure || strchr (p, '/') == NULL)) + && (__builtin_expect (! __libc_enable_secure, 1) + || strchr (p, '/') == NULL)) { struct link_map *new_map = _dl_map_object (_dl_loaded, p, 1, lt_library, 0); @@ -704,7 +714,7 @@ of this helper program; chances are you did not intend to run this program.\n\ /* Read the contents of the file. */ file = _dl_sysdep_read_whole_file ("/etc/ld.so.preload", &file_size, PROT_READ | PROT_WRITE); - if (file) + if (__builtin_expect (file != NULL, 0)) { /* Parse the file. It contains names of libraries to be loaded, separated by white spaces or `:'. It may also contain @@ -783,7 +793,7 @@ of this helper program; chances are you did not intend to run this program.\n\ __munmap (file, file_size); } - if (npreloads != 0) + if (__builtin_expect (npreloads, 0) != 0) { /* Set up PRELOADS with a vector of the preloaded libraries. */ struct link_map *l; @@ -1072,7 +1082,7 @@ of this helper program; chances are you did not intend to run this program.\n\ this has to go here because the calls it makes should use the rtld versions of the functions (particularly calloc()), but it needs to have _dl_profile_map set up by the relocator. */ - if (_dl_profile_map != NULL) + if (__builtin_expect (_dl_profile_map != NULL, 0)) /* We must prepare the profiling. */ _dl_start_profile (_dl_profile_map, _dl_profile_output); |