From b7f6e0c6f848b7a8c64b3f7b72014b48a9923729 Mon Sep 17 00:00:00 2001 From: Rich Felker Date: Thu, 23 Jun 2011 22:04:06 -0400 Subject: prepare support for LD_LIBRARY_PATH (checking suid/sgid safety) the use of this test will be much stricter than glibc and other typical implementations; the environment will not be honored whatsoever unless the program is confirmed non-suid/sgid by the aux vector the kernel passed in. no fallback to slow syscall-based checking is used if the kernel fails to provide the information; we simply assume the worst (suid) in this case and refuse to honor environment. --- src/ldso/dynlink.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'src/ldso') diff --git a/src/ldso/dynlink.c b/src/ldso/dynlink.c index 8ade0737..b308b875 100644 --- a/src/ldso/dynlink.c +++ b/src/ldso/dynlink.c @@ -48,6 +48,7 @@ struct dso }; static struct dso *head, *tail, *libc; +static int trust_env; #define AUX_CNT 15 #define DYN_CNT 34 @@ -373,6 +374,11 @@ void *__dynlink(int argc, char **argv, size_t *got) /* At this point the standard library is fully functional */ + /* Only trust user/env if kernel says we're not suid/sgid */ + trust_env = (aux[0]&0x7800)==0x7800 + && aux[AT_UID]==aux[AT_EUID] + && aux[AT_GID]==aux[AT_EGID]; + head = tail = &app; libc = &lib; app.next = 0; -- cgit v1.2.3-70-g09d2