Commit | Line | Data |
---|---|---|
12788f63 MT |
1 | 2010-12-09 Andreas Schwab <schwab@redhat.com> |
2 | ||
3 | * elf/dl-object.c (_dl_new_object): Ignore origin of privileged | |
4 | program. | |
5 | ||
6 | 2010-10-18 Andreas Schwab <schwab@redhat.com> | |
7 | ||
8 | * elf/dl-open.c (dl_open_worker): Don't expand DST here, let | |
9 | _dl_map_object do it. | |
10 | ||
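--- a/elf/dl-object.c
+++ b/elf/dl-object.c
@@ -214,6 +214,9 @@ _dl_new_object (char *realname, const ch
 out:
 new->l_origin = origin;
 }
+ else if (INTUSE(__libc_enable_secure) && type == lt_executable)
+ /* The origin of a privileged program cannot be trusted. */
+ new->l_origin = (char *) -1;
 
 return new;
 }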
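Review bot: The new `else if` branch stores the sentinel `(char *) -1` in `new->l_origin` without saying what the value means, so every reader of that field has to know to compare against it before treating `l_origin` as a string. The comment could spell that out, e.g. `/* The origin of a privileged program cannot be trusted; (char *) -1 marks it as unknown so it is never used for $ORIGIN.  */`. The guard is also narrow: it applies only when `type == lt_executable` and only when the preceding `if` (which begins outside the hunk, as does the rest of `_dl_new_object`) was not taken. Objects that go through the first branch in a privileged process still get an origin derived from their name. Presumably those paths are vetted elsewhere, but it is worth confirming and noting here, since the other file in this patch moves DST expansion into `_dl_map_object`.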
25 | Index: glibc-2.12-2-gc4ccff1/elf/dl-open.c | |
26 | =================================================================== | |
27 | --- glibc-2.12-2-gc4ccff1.orig/elf/dl-open.c | |
28 | +++ glibc-2.12-2-gc4ccff1/elf/dl-open.c | |
29 | @@ -221,35 +221,6 @@ dl_open_worker (void *a) | |
30 | ||
31 | assert (_dl_debug_initialize (0, args->nsid)->r_state == RT_CONSISTENT); | |
32 | ||
33 | - /* Maybe we have to expand a DST. */ | |
34 | - if (__builtin_expect (dst != NULL, 0)) | |
35 | - { | |
36 | - size_t len = strlen (file); | |
37 | - | |
38 | - /* Determine how much space we need. We have to allocate the | |
39 | - memory locally. */ | |
40 | - size_t required = DL_DST_REQUIRED (call_map, file, len, | |
41 | - _dl_dst_count (dst, 0)); | |
42 | - | |
43 | - /* Get space for the new file name. */ | |
44 | - char *new_file = (char *) alloca (required + 1); | |
45 | - | |
46 | - /* Generate the new file name. */ | |
47 | - _dl_dst_substitute (call_map, file, new_file, 0); | |
48 | - | |
49 | - /* If the substitution failed don't try to load. */ | |
50 | - if (*new_file == '\0') | |
51 | - _dl_signal_error (0, "dlopen", NULL, | |
52 | - N_("empty dynamic string token substitution")); | |
53 | - | |
54 | - /* Now we have a new file name. */ | |
55 | - file = new_file; | |
56 | - | |
57 | - /* It does not matter whether call_map is set even if we | |
58 | - computed it only because of the DST. Since the path contains | |
59 | - a slash the value is not used. See dl-load.c. */ | |
60 | - } | |
61 | - | |
62 | /* Load the named object. */ | |
63 | struct link_map *new; | |
64 | args->map = new = _dl_map_object (call_map, file, 0, lt_loaded, 0, |