5059ab35f3
git-svn-id: https://svn.disconnected-by-peer.at/svn/linamh/trunk/linamh@1552 6952d904-891a-0410-993b-d76249ca496b
96 lines
3.0 KiB
Diff
96 lines
3.0 KiB
Diff
diff -Nru glibc-2.3.3.old/elf/rtld.c glibc-2.3.3/elf/rtld.c
|
|
--- glibc-2.3.3.old/elf/rtld.c 2004-09-16 15:02:16.000000000 -0400
|
|
+++ glibc-2.3.3/elf/rtld.c 2004-09-16 15:04:58.000000000 -0400
|
|
@@ -2041,6 +2041,30 @@
|
|
GLRO(dl_profile_output)
|
|
= &"/var/tmp\0/var/profile"[INTUSE(__libc_enable_secure) ? 9 : 0];
|
|
|
|
+ /* Extra security for SUID binaries. Remove all dangerous environment
|
|
+ variables. */
|
|
+ if (__builtin_expect (INTUSE(__libc_enable_secure), 0))
|
|
+ {
|
|
+ static const char unsecure_envvars[] =
|
|
+#ifdef EXTRA_UNSECURE_ENVVARS
|
|
+ EXTRA_UNSECURE_ENVVARS
|
|
+#endif
|
|
+ UNSECURE_ENVVARS;
|
|
+ const char *nextp;
|
|
+
|
|
+ nextp = unsecure_envvars;
|
|
+ do
|
|
+ {
|
|
+ unsetenv (nextp);
|
|
+ /* We could use rawmemchr but this need not be fast. */
|
|
+ nextp = (char *) (strchr) (nextp, '\0') + 1;
|
|
+ }
|
|
+ while (*nextp != '\0');
|
|
+
|
|
+ if (__access ("/etc/suid-debug", F_OK) != 0)
|
|
+ unsetenv ("MALLOC_CHECK_");
|
|
+ }
|
|
+
|
|
while ((envline = _dl_next_ld_env_entry (&runp)) != NULL)
|
|
{
|
|
size_t len = 0;
|
|
@@ -2188,33 +2212,10 @@
|
|
/* The caller wants this information. */
|
|
*modep = mode;
|
|
|
|
- /* Extra security for SUID binaries. Remove all dangerous environment
|
|
- variables. */
|
|
- if (__builtin_expect (INTUSE(__libc_enable_secure), 0))
|
|
- {
|
|
- static const char unsecure_envvars[] =
|
|
-#ifdef EXTRA_UNSECURE_ENVVARS
|
|
- EXTRA_UNSECURE_ENVVARS
|
|
-#endif
|
|
- UNSECURE_ENVVARS;
|
|
- const char *nextp;
|
|
-
|
|
- nextp = unsecure_envvars;
|
|
- do
|
|
- {
|
|
- unsetenv (nextp);
|
|
- /* We could use rawmemchr but this need not be fast. */
|
|
- nextp = (char *) (strchr) (nextp, '\0') + 1;
|
|
- }
|
|
- while (*nextp != '\0');
|
|
-
|
|
- if (__access ("/etc/suid-debug", F_OK) != 0)
|
|
- unsetenv ("MALLOC_CHECK_");
|
|
- }
|
|
/* If we have to run the dynamic linker in debugging mode and the
|
|
LD_DEBUG_OUTPUT environment variable is given, we write the debug
|
|
messages to this file. */
|
|
- else if (any_debug && debug_output != NULL)
|
|
+ if (any_debug && debug_output != NULL)
|
|
{
|
|
#ifdef O_NOFOLLOW
|
|
const int flags = O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW;
|
|
diff -Nru glibc-2.3.3.old/malloc/malloc.c glibc-2.3.3/malloc/malloc.c
|
|
--- glibc-2.3.3.old/malloc/malloc.c 2004-09-16 15:03:22.000000000 -0400
|
|
+++ glibc-2.3.3/malloc/malloc.c 2004-09-16 15:04:58.000000000 -0400
|
|
@@ -321,6 +321,10 @@
|
|
#define assert(x) ((void)0)
|
|
#endif
|
|
|
|
+#include <abort-instr.h>
|
|
+#ifndef ABORT_INSTRUCTION
|
|
+#define ABORT_INSTRUCTION
|
|
+#endif
|
|
|
|
/*
|
|
INTERNAL_SIZE_T is the word-size used for internal bookkeeping
|
|
diff -Nru glibc-2.3.3.old/sysdeps/generic/unsecvars.h glibc-2.3.3/sysdeps/generic/unsecvars.h
|
|
--- glibc-2.3.3.old/sysdeps/generic/unsecvars.h 2004-09-16 15:03:11.000000000 -0400
|
|
+++ glibc-2.3.3/sysdeps/generic/unsecvars.h 2004-09-16 15:04:58.000000000 -0400
|
|
@@ -3,6 +3,8 @@
|
|
with a '\0' explicitly. */
|
|
#define UNSECURE_ENVVARS \
|
|
"LD_PRELOAD\0" \
|
|
+ "LD_DEBUG\0" \
|
|
+ "LD_TRACE_PRELINKING\0" \
|
|
"LD_LIBRARY_PATH\0" \
|
|
"LD_ORIGIN_PATH\0" \
|
|
"LD_DEBUG_OUTPUT\0" \
|