[uClibc-cvs] svn commit: trunk/uClibc/ldso/ldso

jocke at uclibc.org jocke at uclibc.org
Mon Mar 14 08:48:44 UTC 2005


Author: jocke
Date: 2005-03-14 01:48:42 -0700 (Mon, 14 Mar 2005)
New Revision: 9998

Log:
Force suid apps to do unlazy binding of the PLT relocs.
See http://bugs.gentoo.org/show_bug.cgi?id=71609 for
more details. Reported by Peter Mazinger.


Modified:
   trunk/uClibc/ldso/ldso/ldso.c


Changeset:
Modified: trunk/uClibc/ldso/ldso/ldso.c
===================================================================
--- trunk/uClibc/ldso/ldso/ldso.c	2005-03-12 19:13:41 UTC (rev 9997)
+++ trunk/uClibc/ldso/ldso/ldso.c	2005-03-14 08:48:42 UTC (rev 9998)
@@ -138,6 +138,38 @@
 	if (_dl_getenv("LD_BIND_NOW", envp))
 		unlazy = RTLD_NOW;
 
+	/* Now we need to figure out what kind of options are selected.
+	 * Note that for SUID programs we ignore the settings in
+	 * LD_LIBRARY_PATH.
+	 */
+	if ((auxvt[AT_UID].a_un.a_val == -1 && _dl_suid_ok()) ||
+	    (auxvt[AT_UID].a_un.a_val != -1 &&
+	     auxvt[AT_UID].a_un.a_val == auxvt[AT_EUID].a_un.a_val &&
+	     auxvt[AT_GID].a_un.a_val == auxvt[AT_EGID].a_un.a_val)) {
+		_dl_secure = 0;
+		_dl_preload = _dl_getenv("LD_PRELOAD", envp);
+		_dl_library_path = _dl_getenv("LD_LIBRARY_PATH", envp);
+	} else {
+		static const char unsecure_envvars[] =
+#ifdef EXTRA_UNSECURE_ENVVARS
+			EXTRA_UNSECURE_ENVVARS
+#endif
+			UNSECURE_ENVVARS;
+		const char *nextp;
+		_dl_secure = 1;
+
+		nextp = unsecure_envvars;
+		do {
+			_dl_unsetenv (nextp, envp);
+			/* We could use rawmemchr but this need not be fast.  */
+			nextp = (char *) _dl_strchr(nextp, '\0') + 1;
+		} while (*nextp != '\0');
+		_dl_preload = NULL;
+		_dl_library_path = NULL;
+		/* SUID binaries can be exploited if they do LAZY relocation. */
+		unlazy = RTLD_NOW;
+	}
+
 	/* At this point we are now free to examine the user application,
 	 * and figure out which libraries are supposed to be called.  Until
 	 * we have this list, we will not be completely ready for dynamic
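Review bot: The comment that opens the moved block still says only that LD_LIBRARY_PATH is ignored for SUID programs. The else branch under it also clears `_dl_preload`, unsets every name in `UNSECURE_ENVVARS`, and now forces `unlazy = RTLD_NOW`. I would reword it along the lines of `/* Decide whether we run in secure mode; if so drop LD_PRELOAD, LD_LIBRARY_PATH and all UNSECURE_ENVVARS and bind eagerly. */`. The block appears to have been moved up so that `unlazy` is final before the libraries are loaded and relocated, so a short note that it must stay ahead of that code would guard against it being moved back. The one-line comment above `unlazy = RTLD_NOW` could also cite the bug from the log, e.g. `/* See http://bugs.gentoo.org/show_bug.cgi?id=71609 */`, since it does not say what the exposure is. The enclosing function starts and ends outside this hunk.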
@@ -270,36 +302,6 @@
 	app_tpnt->relro_addr = relro_addr;
 	app_tpnt->relro_size = relro_size;
 
-	/* Now we need to figure out what kind of options are selected.
-	 * Note that for SUID programs we ignore the settings in
-	 * LD_LIBRARY_PATH.
-	 */
-	if ((auxvt[AT_UID].a_un.a_val == -1 && _dl_suid_ok()) ||
-	    (auxvt[AT_UID].a_un.a_val != -1 &&
-	     auxvt[AT_UID].a_un.a_val == auxvt[AT_EUID].a_un.a_val &&
-	     auxvt[AT_GID].a_un.a_val == auxvt[AT_EGID].a_un.a_val)) {
-		_dl_secure = 0;
-		_dl_preload = _dl_getenv("LD_PRELOAD", envp);
-		_dl_library_path = _dl_getenv("LD_LIBRARY_PATH", envp);
-	} else {
-		static const char unsecure_envvars[] =
-#ifdef EXTRA_UNSECURE_ENVVARS
-			EXTRA_UNSECURE_ENVVARS
-#endif
-			UNSECURE_ENVVARS;
-		const char *nextp;
-		_dl_secure = 1;
-
-		nextp = unsecure_envvars;
-		do {
-			_dl_unsetenv (nextp, envp);
-			/* We could use rawmemchr but this need not be fast.  */
-			nextp = (char *) _dl_strchr(nextp, '\0') + 1;
-		} while (*nextp != '\0');
-		_dl_preload = NULL;
-		_dl_library_path = NULL;
-	}
-
 #ifdef __SUPPORT_LD_DEBUG__
 	_dl_debug = _dl_getenv("LD_DEBUG", envp);
 	if (_dl_debug) {



