Diffstat (limited to 'elf')
-rw-r--r-- | elf/Makefile | 2 | ||||
-rw-r--r-- | elf/dl-support.c | 22 | ||||
-rw-r--r-- | elf/rtld.c | 5 |
3 files changed, 28 insertions, 1 deletions
diff --git a/elf/Makefile b/elf/Makefile
index 0fc81e021f..84815b30ea 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -46,7 +46,7 @@ distribute := $(rtld-routines:=.c) dynamic-link.h do-rel.h dl-machine.h \
 testobj1.c testobj2.c testobj3.c testobj4.c testobj5.c \
 testobj6.c testobj1_1.c failobj.c unloadmod.c \
 ldconfig.h ldconfig.c cache.c readlib.c readelflib.c \
- dep1.c dep2.c dep3.c dep4.c dl-dtprocnum.h \
+ dep1.c dep2.c dep3.c dep4.c dl-dtprocnum.h unsecvars.h \
 vismain.c vismod1.c vismod2.c vismod3.c \
 constload2.c constload3.c filtmod1.c filtmod2.c \
 nodlopenmod.c nodelete.c nodelmod1.c nodelmod2.c \
diff --git a/elf/dl-support.c b/elf/dl-support.c
index 50b37e8166..75d7b1926a 100644
--- a/elf/dl-support.c
+++ b/elf/dl-support.c
@@ -27,6 +27,8 @@
 #include <ldsodefs.h>
 #include <dl-machine.h>
 #include <bits/libc-lock.h>
+#include <dl-librecon.h>
+#include <unsecvars.h>
 extern char *__progname;
 char **_dl_argv = &__progname; /* This is checked for some error messages. */
@@ -125,6 +127,26 @@ non_dynamic_init (void)
 _dl_dynamic_weak = *(getenv ("LD_DYNAMIC_WEAK") ?: "") == '\0';
+ if (__libc_enable_secure)
+ {
+ static const char *unsecure_envvars[] =
+ {
+ UNSECURE_ENVVARS,
+#ifdef EXTRA_UNSECURE_ENVVARS
+ EXTRA_UNSECURE_ENVVARS
+#endif
+ };
+ size_t cnt;
+
+ for (cnt = 0;
+ cnt < sizeof (unsecure_envvars) / sizeof (unsecure_envvars[0]);
+ ++cnt)
+ unsetenv (unsecure_envvars[cnt]);
+
+ if (__access ("/etc/suid-debug", F_OK) != 0)
+ unsetenv ("MALLOC_CHECK_");
+ }
+
 #ifdef DL_PLATFORM_INIT
 DL_PLATFORM_INIT;
 #endif
diff --git a/elf/rtld.c b/elf/rtld.c
index 18ff312baa..d17d83961d 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -30,6 +30,7 @@
 #include <bits/libc-lock.h>
 #include "dynamic-link.h"
 #include "dl-librecon.h"
+#include <unsecvars.h>
 #include <assert.h>
@@ -1465,6 +1466,7 @@ process_envvars (enum mode *modep, int *lazyp)
 {
 static const char *unsecure_envvars[] =
 {
+ UNSECURE_ENVVARS,
 #ifdef EXTRA_UNSECURE_ENVVARS
 EXTRA_UNSECURE_ENVVARS
 #endif
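Review bot: In elf/dl-support.c the new `__libc_enable_secure` block sits after `_dl_dynamic_weak` has already been set from `getenv ("LD_DYNAMIC_WEAK")` on the context line directly above it. A static set-id program therefore still acts on that variable, whether or not it is listed in UNSECURE_ENVVARS (unsecvars.h is not shown here); the same would hold for any other variable read earlier in non_dynamic_init, whose body starts outside this hunk. Unsetting only protects later readers and child processes. If the intent is that a privileged static binary ignores these settings, move the block ahead of the first `getenv` in the function or gate those reads on `!__libc_enable_secure`. Either way, a comment such as `/* Scrub the environment before any LD_* variable is consulted. */` would record the ordering requirement.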
@@ -1486,6 +1488,9 @@ process_envvars (enum mode *modep, int *lazyp)
 cnt < sizeof (unsecure_envvars) / sizeof (unsecure_envvars[0]);
 ++cnt)
 unsetenv (unsecure_envvars[cnt]);
+
+ if (__access ("/etc/suid-debug", F_OK) != 0)
+ unsetenv ("MALLOC_CHECK_");
 }
 /* The name of the object to profile cannot be empty. */ |
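Review bot: The `/etc/suid-debug` test added to process_envvars in elf/rtld.c has no comment explaining why the existence of that file decides whether a set-id process keeps `MALLOC_CHECK_`. The same two lines, and the `unsecure_envvars` table and loop, are repeated in non_dynamic_init in elf/dl-support.c. I would add `/* Drop MALLOC_CHECK_ unless /etc/suid-debug exists; any __access failure counts as absent. */` above the test, since treating every error as "absent" is the safe direction and worth stating. Moving the table and scrub loop into one shared helper would keep the static and dynamic start-up paths from drifting apart when the list changes. process_envvars begins and ends outside this hunk, so the surrounding secure-mode condition is not visible here.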