prepare support for LD_LIBRARY_PATH (checking suid/sgid safety)

the use of this test will be much stricter than glibc and other typical implementations; the environment will not be honored whatsoever unless the program is confirmed non-suid/sgid by the aux vector the kernel passed in. no fallback to slow syscall-based checking is used if the kernel fails to provide the information; we simply assume the worst (suid) in this case and refuse to honor environment.
2011-06-23 22:04:06 -04:00 · 2011-06-23 22:04:06 -04:00 · b7f6e0c6f8
parent c7ce1b20d2
commit b7f6e0c6f8
1 changed files with 6 additions and 0 deletions
--- a/src/ldso/dynlink.c
+++ b/src/ldso/dynlink.c
@ -48,6 +48,7 @@ struct dso
 };

 static struct dso *head, *tail, *libc;
+static int trust_env;

 #define AUX_CNT 15
 #define DYN_CNT 34
@ -373,6 +374,11 @@ void *__dynlink(int argc, char **argv, size_t *got)

 	/* At this point the standard library is fully functional */

+	/* Only trust user/env if kernel says we're not suid/sgid */
+	trust_env = (aux[0]&0x7800)==0x7800
+		&& aux[AT_UID]==aux[AT_EUID]
+		&& aux[AT_GID]==aux[AT_EGID];
+
 	head = tail = &app;
 	libc = &lib;
 	app.next = 0;