From 74955460c5b9f23d7783395ce2478f5b7c5fd876 Mon Sep 17 00:00:00 2001
From: Ulrich Drepper <drepper@redhat.com>
Date: Tue, 26 Sep 2000 09:46:55 +0000
Subject: Update.

2000-09-26  Thorsten Kukuk  <kukuk@suse.de>

	* nscd/dbg_log.c (dbg_log): Add missing format string.

	* catgets/catgets.c (catopen): Use getenv instead of __secure_getenv
	since we filter out the variable once.
	* iconv/gconv_conf.c (__gconv_get_path): Likewise.
	* locale/newlocale.c (__newlocale): Likewise.
	* locale/setlocale.c (setlocale): Likewise.
	* malloc/malloc.c (ptmalloc_init): Likewise.
	* resolv/res_hconf.c (_res_hconf_init): Likewise.
	* resolv/res_init.c (__res_vinit): Likewise.
	* time/tzfile.c (__tzfile_read): Likewise.
	* sysdeps/generic/unsecvars.h: New file.
	* elf/dl-support.c (non_dynamic_init): Use it here to remove variables.
	* elf/rtld.c (process_envvars): Likewise.
	* elf/Makefile (distribute): Add unsecvars.h.
---
 elf/Makefile     |  2 +-
 elf/dl-support.c | 22 ++++++++++++++++++++++
 elf/rtld.c       |  5 +++++
 3 files changed, 28 insertions(+), 1 deletion(-)

(limited to 'elf')

diff --git a/elf/Makefile b/elf/Makefile
index 0fc81e021f..84815b30ea 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -46,7 +46,7 @@ distribute	:= $(rtld-routines:=.c) dynamic-link.h do-rel.h dl-machine.h \
 		   testobj1.c testobj2.c testobj3.c testobj4.c testobj5.c \
 		   testobj6.c testobj1_1.c failobj.c unloadmod.c \
 		   ldconfig.h ldconfig.c cache.c readlib.c readelflib.c \
-		   dep1.c dep2.c dep3.c dep4.c dl-dtprocnum.h \
+		   dep1.c dep2.c dep3.c dep4.c dl-dtprocnum.h unsecvars.h \
 		   vismain.c vismod1.c vismod2.c vismod3.c \
 		   constload2.c constload3.c filtmod1.c filtmod2.c \
 		   nodlopenmod.c nodelete.c nodelmod1.c nodelmod2.c \
diff --git a/elf/dl-support.c b/elf/dl-support.c
index 50b37e8166..75d7b1926a 100644
--- a/elf/dl-support.c
+++ b/elf/dl-support.c
@@ -27,6 +27,8 @@
 #include <ldsodefs.h>
 #include <dl-machine.h>
 #include <bits/libc-lock.h>
+#include <dl-librecon.h>
+#include <unsecvars.h>
 
 extern char *__progname;
 char **_dl_argv = &__progname;	/* This is checked for some error messages.  */
@@ -125,6 +127,26 @@ non_dynamic_init (void)
 
   _dl_dynamic_weak = *(getenv ("LD_DYNAMIC_WEAK") ?: "") == '\0';
 
+  if (__libc_enable_secure)
+    {
+      static const char *unsecure_envvars[] =
+      {
+	UNSECURE_ENVVARS,
+#ifdef EXTRA_UNSECURE_ENVVARS
+	EXTRA_UNSECURE_ENVVARS
+#endif
+      };
+      size_t cnt;
+
+      for (cnt = 0;
+	   cnt < sizeof (unsecure_envvars) / sizeof (unsecure_envvars[0]);
+	   ++cnt)
+	unsetenv (unsecure_envvars[cnt]);
+
+      if (__access ("/etc/suid-debug", F_OK) != 0)
+	unsetenv ("MALLOC_CHECK_");
+    }
+
 #ifdef DL_PLATFORM_INIT
   DL_PLATFORM_INIT;
 #endif
diff --git a/elf/rtld.c b/elf/rtld.c
index 18ff312baa..d17d83961d 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -30,6 +30,7 @@
 #include <bits/libc-lock.h>
 #include "dynamic-link.h"
 #include "dl-librecon.h"
+#include <unsecvars.h>
 
 #include <assert.h>
 
@@ -1465,6 +1466,7 @@ process_envvars (enum mode *modep, int *lazyp)
     {
       static const char *unsecure_envvars[] =
       {
+	UNSECURE_ENVVARS,
 #ifdef EXTRA_UNSECURE_ENVVARS
 	EXTRA_UNSECURE_ENVVARS
 #endif
@@ -1486,6 +1488,9 @@ process_envvars (enum mode *modep, int *lazyp)
 	   cnt < sizeof (unsecure_envvars) / sizeof (unsecure_envvars[0]);
 	   ++cnt)
 	unsetenv (unsecure_envvars[cnt]);
+
+      if (__access ("/etc/suid-debug", F_OK) != 0)
+	unsetenv ("MALLOC_CHECK_");
     }
 
   /* The name of the object to profile cannot be empty.  */
-- 
cgit v1.2.3