diff options
-rw-r--r-- | ChangeLog | 9 | ||||
-rw-r--r-- | elf/rtld.c | 12 | ||||
-rw-r--r-- | sysdeps/generic/unsecvars.h | 3 |
3 files changed, 21 insertions, 3 deletions
@@ -1,3 +1,12 @@ +2004-12-01 Jakub Jelinek <jakub@redhat.com> + + * elf/rtld.c (process_envvars): Don't consider LD_SHOW_AUXV + and LD_DYNAMIC_WEAK if __libc_enable_secure. + If __libc_enable_secure, /etc/suid-debug doesn't exist and + program will be actually run, turn off all debugging. + * sysdeps/generic/unsecvars.h (UNSECURE_ENVVARS): Add LD_DEBUG, + LD_DYNAMIC_WEAK and LD_SHOW_AUXV. + 2004-12-06 Jakub Jelinek <jakub@redhat.com> * time/tzset.c (tzset_internal): If + or - is seen, diff --git a/elf/rtld.c b/elf/rtld.c index 601fc7d53c..13f7b4f748 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -2158,7 +2158,8 @@ process_envvars (enum mode *modep) case 9: /* Test whether we want to see the content of the auxiliary array passed up from the kernel. */ - if (memcmp (envline, "SHOW_AUXV", 9) == 0) + if (!INTUSE(__libc_enable_secure) + && memcmp (envline, "SHOW_AUXV", 9) == 0) _dl_show_auxv (); break; @@ -2191,7 +2192,8 @@ process_envvars (enum mode *modep) break; } - if (memcmp (envline, "DYNAMIC_WEAK", 12) == 0) + if (!INTUSE(__libc_enable_secure) + && memcmp (envline, "DYNAMIC_WEAK", 12) == 0) GLRO(dl_dynamic_weak) = 1; break; @@ -2265,7 +2267,11 @@ process_envvars (enum mode *modep) while (*nextp != '\0'); if (__access ("/etc/suid-debug", F_OK) != 0) - unsetenv ("MALLOC_CHECK_"); + { + unsetenv ("MALLOC_CHECK_"); + if (mode == normal) + GLRO(dl_debug_mask) = 0; + } } /* If we have to run the dynamic linker in debugging mode and the LD_DEBUG_OUTPUT environment variable is given, we write the debug diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h index 8a9dd43ce9..eb77b260d8 100644 --- a/sysdeps/generic/unsecvars.h +++ b/sysdeps/generic/unsecvars.h @@ -5,9 +5,12 @@ "LD_PRELOAD\0" \ "LD_LIBRARY_PATH\0" \ "LD_ORIGIN_PATH\0" \ + "LD_DEBUG\0" \ "LD_DEBUG_OUTPUT\0" \ "LD_PROFILE\0" \ "LD_USE_LOAD_BIAS\0" \ + "LD_DYNAMIC_WEAK\0" \ + "LD_SHOW_AUXV\0" \ "GCONV_PATH\0" \ "GETCONF_DIR\0" \ "HOSTALIASES\0" \ |