From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Mon, 6 Nov 2023 20:25:50 +0000 (-0300)
Subject: elf: Add comments on how LD_AUDIT and LD_PRELOAD handle __libc_enable_secure
X-Git-Tag: glibc-2.39~248
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=780c33920281c5d5cc42a1e578bdc9218e675405;p=thirdparty%2Fglibc.git

elf: Add comments on how LD_AUDIT and LD_PRELOAD handle __libc_enable_secure

To make explicit why __libc_enable_secure is not checked.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
---

diff --git a/elf/rtld.c b/elf/rtld.c
index 7d4c843e7ed..0553c05edb0 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -2561,6 +2561,10 @@ process_envvars (struct dl_main_state *state)
 	      process_dl_debug (state, &envline[6]);
 	      break;
 	    }
+	  /* For __libc_enable_secure mode, audit pathnames containing slashes
+	     are ignored.  Also, shared audit objects are only loaded only from
+	     the standard search directories and only if they have set-user-ID
+	     mode bit enabled.  */
 	  if (memcmp (envline, "AUDIT", 5) == 0)
 	    audit_list_add_string (&state->audit_list, &envline[6]);
 	  break;
@@ -2573,7 +2577,10 @@ process_envvars (struct dl_main_state *state)
 	      break;
 	    }
 
-	  /* List of objects to be preloaded.  */
+	  /* For __libc_enable_secure mode, preload pathnames containing slashes
+	     are ignored.  Also, shared objects are only preloaded from the
+	     standard search directories and only if they have set-user-ID mode
+	     bit enabled.  */
 	  if (memcmp (envline, "PRELOAD", 7) == 0)
 	    {
 	      state->preloadlist = &envline[8];