1 2010-12-09 Andreas Schwab <schwab@redhat.com>
3 * elf/dl-object.c (_dl_new_object): Ignore origin of privileged
6 2010-10-18 Andreas Schwab <schwab@redhat.com>
8 * elf/dl-open.c (dl_open_worker): Don't expand DST here, let
11 Index: glibc-2.12-2-gc4ccff1/elf/dl-object.c
12 ===================================================================
13 --- glibc-2.12-2-gc4ccff1.orig/elf/dl-object.c
14 +++ glibc-2.12-2-gc4ccff1/elf/dl-object.c
15 @@ -214,6 +214,9 @@ _dl_new_object (char *realname, const ch
17 new->l_origin = origin;
19 + else if (INTUSE(__libc_enable_secure) && type == lt_executable)
20 + /* The origin of a privileged program cannot be trusted. */
21 + new->l_origin = (char *) -1;
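Review bot: The new `else if` branch stores the sentinel `(char *) -1` in `new->l_origin`, but its comment only says the origin cannot be trusted, not what the sentinel means to code that later reads the field. I would extend the comment to something like `/* The origin of a privileged program cannot be trusted; -1 marks it as unknown so that $ORIGIN is not expanded from it. */`. Every reader of `l_origin` then has to compare against `(char *) -1` before dereferencing or copying it, which cannot be confirmed from this hunk. The guard is also limited to `type == lt_executable`, so other object types mapped into a `__libc_enable_secure` process still get a path-derived origin; presumably checks elsewhere in the loader cover that, and it is worth confirming. `_dl_new_object` starts and ends outside the hunk, and some of its context lines are not shown here.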
25 Index: glibc-2.12-2-gc4ccff1/elf/dl-open.c
26 ===================================================================
27 --- glibc-2.12-2-gc4ccff1.orig/elf/dl-open.c
28 +++ glibc-2.12-2-gc4ccff1/elf/dl-open.c
29 @@ -221,35 +221,6 @@ dl_open_worker (void *a)
31 assert (_dl_debug_initialize (0, args->nsid)->r_state == RT_CONSISTENT);
33 - /* Maybe we have to expand a DST. */
34 - if (__builtin_expect (dst != NULL, 0))
36 - size_t len = strlen (file);
38 - /* Determine how much space we need. We have to allocate the
40 - size_t required = DL_DST_REQUIRED (call_map, file, len,
41 - _dl_dst_count (dst, 0));
43 - /* Get space for the new file name. */
44 - char *new_file = (char *) alloca (required + 1);
46 - /* Generate the new file name. */
47 - _dl_dst_substitute (call_map, file, new_file, 0);
49 - /* If the substitution failed don't try to load. */
50 - if (*new_file == '\0')
51 - _dl_signal_error (0, "dlopen", NULL,
52 - N_("empty dynamic string token substitution"));
54 - /* Now we have a new file name. */
57 - /* It does not matter whether call_map is set even if we
58 - computed it only because of the DST. Since the path contains
59 - a slash the value is not used. See dl-load.c. */
62 /* Load the named object. */
64 args->map = new = _dl_map_object (call_map, file, 0, lt_loaded, 0,