Update.

2004-12-01 Jakub Jelinek <jakub@redhat.com> * elf/rtld.c (process_envvars): Don't consider LD_SHOW_AUXV and LD_DYNAMIC_WEAK if __libc_enable_secure. If __libc_enable_secure, /etc/suid-debug doesn't exist and program will be actually run, turn off all debugging. * sysdeps/generic/unsecvars.h (UNSECURE_ENVVARS): Add LD_DEBUG, LD_DYNAMIC_WEAK and LD_SHOW_AUXV.
2004-12-07 06:55:06 +00:00 · 2004-12-07 06:55:06 +00:00 · 00a121627c
parent bbd0bf24e9
commit 00a121627c
3 changed files with 21 additions and 3 deletions
--- a/9
+++ b/9
@ -1,3 +1,12 @@
+2004-12-01  Jakub Jelinek  <jakub@redhat.com>
+
+	* elf/rtld.c (process_envvars): Don't consider LD_SHOW_AUXV
+	and LD_DYNAMIC_WEAK if __libc_enable_secure.
+	If __libc_enable_secure, /etc/suid-debug doesn't exist and
+	program will be actually run, turn off all debugging.
+	* sysdeps/generic/unsecvars.h (UNSECURE_ENVVARS): Add LD_DEBUG,
+	LD_DYNAMIC_WEAK and LD_SHOW_AUXV.
+
 2004-12-06  Jakub Jelinek  <jakub@redhat.com>

 	* time/tzset.c (tzset_internal): If + or - is seen,
--- a/elf/rtld.c
+++ b/elf/rtld.c
@ -2158,7 +2158,8 @@ process_envvars (enum mode *modep)
 	case 9:
 	  /* Test whether we want to see the content of the auxiliary
 	     array passed up from the kernel.  */
-	  if (memcmp (envline, "SHOW_AUXV", 9) == 0)
+	  if (!INTUSE(__libc_enable_secure)
+	      && memcmp (envline, "SHOW_AUXV", 9) == 0)
 	    _dl_show_auxv ();
 	  break;

@ -2191,7 +2192,8 @@ process_envvars (enum mode *modep)
 	      break;
 	    }

-	  if (memcmp (envline, "DYNAMIC_WEAK", 12) == 0)
+	  if (!INTUSE(__libc_enable_secure)
+	      && memcmp (envline, "DYNAMIC_WEAK", 12) == 0)
 	    GLRO(dl_dynamic_weak) = 1;
 	  break;

@ -2265,7 +2267,11 @@ process_envvars (enum mode *modep)
      while (*nextp != '\0');

      if (__access ("/etc/suid-debug", F_OK) != 0)
-	unsetenv ("MALLOC_CHECK_");
+        {
+	  unsetenv ("MALLOC_CHECK_");
+	  if (mode == normal)
+	    GLRO(dl_debug_mask) = 0;
+        }
    }
  /* If we have to run the dynamic linker in debugging mode and the
     LD_DEBUG_OUTPUT environment variable is given, we write the debug
--- a/sysdeps/generic/unsecvars.h
+++ b/sysdeps/generic/unsecvars.h
@ -5,9 +5,12 @@
  "LD_PRELOAD\0"							      \
  "LD_LIBRARY_PATH\0"							      \
  "LD_ORIGIN_PATH\0"							      \
+  "LD_DEBUG\0"								      \
  "LD_DEBUG_OUTPUT\0"							      \
  "LD_PROFILE\0"							      \
  "LD_USE_LOAD_BIAS\0"							      \
+  "LD_DYNAMIC_WEAK\0"							      \
+  "LD_SHOW_AUXV\0"							      \
  "GCONV_PATH\0"							      \
  "GETCONF_DIR\0"							      \
  "HOSTALIASES\0"							      \