dbp/linamh
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
a624b83566
linamh/sys-libs/glibc/files/glibc-sec-hotfix-20040916.patch
geos_one 5059ab35f3 add glibc 2.10.1 for arm arch 
git-svn-id: https://svn.disconnected-by-peer.at/svn/linamh/trunk/linamh@1552 6952d904-891a-0410-993b-d76249ca496b
2009-09-12 08:46:08 +00:00

96 lines
3.0 KiB
Diff
Raw Blame History

diff -Nru glibc-2.3.3.old/elf/rtld.c glibc-2.3.3/elf/rtld.c
--- glibc-2.3.3.old/elf/rtld.c 2004-09-16 15:02:16.000000000 -0400
+++ glibc-2.3.3/elf/rtld.c 2004-09-16 15:04:58.000000000 -0400
@@ -2041,6 +2041,30 @@
GLRO(dl_profile_output)
= &"/var/tmp\0/var/profile"[INTUSE(__libc_enable_secure) ? 9 : 0];
+ /* Extra security for SUID binaries. Remove all dangerous environment
+ variables. */
+ if (__builtin_expect (INTUSE(__libc_enable_secure), 0))
+ {
+ static const char unsecure_envvars[] =
+#ifdef EXTRA_UNSECURE_ENVVARS
+ EXTRA_UNSECURE_ENVVARS
+#endif
+ UNSECURE_ENVVARS;
+ const char *nextp;
+
+ nextp = unsecure_envvars;
+ do
+ {
+ unsetenv (nextp);
+ /* We could use rawmemchr but this need not be fast. */
+ nextp = (char *) (strchr) (nextp, '\0') + 1;
+ }
+ while (*nextp != '\0');
+
+ if (__access ("/etc/suid-debug", F_OK) != 0)
+ unsetenv ("MALLOC_CHECK_");
+ }
+
while ((envline = _dl_next_ld_env_entry (&runp)) != NULL)
{
size_t len = 0;
@@ -2188,33 +2212,10 @@
/* The caller wants this information. */
*modep = mode;
- /* Extra security for SUID binaries. Remove all dangerous environment
- variables. */
- if (__builtin_expect (INTUSE(__libc_enable_secure), 0))
- {
- static const char unsecure_envvars[] =
-#ifdef EXTRA_UNSECURE_ENVVARS
- EXTRA_UNSECURE_ENVVARS
-#endif
- UNSECURE_ENVVARS;
- const char *nextp;
-
- nextp = unsecure_envvars;
- do
- {
- unsetenv (nextp);
- /* We could use rawmemchr but this need not be fast. */
- nextp = (char *) (strchr) (nextp, '\0') + 1;
- }
- while (*nextp != '\0');
-
- if (__access ("/etc/suid-debug", F_OK) != 0)
- unsetenv ("MALLOC_CHECK_");
- }
/* If we have to run the dynamic linker in debugging mode and the
LD_DEBUG_OUTPUT environment variable is given, we write the debug
messages to this file. */
- else if (any_debug && debug_output != NULL)
+ if (any_debug && debug_output != NULL)
{
#ifdef O_NOFOLLOW
const int flags = O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW;
diff -Nru glibc-2.3.3.old/malloc/malloc.c glibc-2.3.3/malloc/malloc.c
--- glibc-2.3.3.old/malloc/malloc.c 2004-09-16 15:03:22.000000000 -0400
+++ glibc-2.3.3/malloc/malloc.c 2004-09-16 15:04:58.000000000 -0400
@@ -321,6 +321,10 @@
#define assert(x) ((void)0)
#endif
+#include <abort-instr.h>
+#ifndef ABORT_INSTRUCTION
+#define ABORT_INSTRUCTION
+#endif
/*
INTERNAL_SIZE_T is the word-size used for internal bookkeeping
diff -Nru glibc-2.3.3.old/sysdeps/generic/unsecvars.h glibc-2.3.3/sysdeps/generic/unsecvars.h
--- glibc-2.3.3.old/sysdeps/generic/unsecvars.h 2004-09-16 15:03:11.000000000 -0400
+++ glibc-2.3.3/sysdeps/generic/unsecvars.h 2004-09-16 15:04:58.000000000 -0400
@@ -3,6 +3,8 @@
with a '\0' explicitly. */
#define UNSECURE_ENVVARS \
"LD_PRELOAD\0" \
+ "LD_DEBUG\0" \
+ "LD_TRACE_PRELINKING\0" \
"LD_LIBRARY_PATH\0" \
"LD_ORIGIN_PATH\0" \
"LD_DEBUG_OUTPUT\0" \
Reference in New Issue View Git Blame Copy Permalink