[people/pmueller/ipfire-2.x.git] / src / patches / glibc-2.3.6-dont_use_origin_on_privil_exec.patch

diff -Naur glibc-2.3.6.org/elf/dl-load.c glibc-2.3.6/elf/dl-load.c
--- glibc-2.3.6.org/elf/dl-load.c	2005-04-06 04:50:10.000000000 +0200
+++ glibc-2.3.6/elf/dl-load.c	2010-10-19 17:41:09.000000000 +0200
@@ -176,8 +176,7 @@
 
 
 static size_t
-is_dst (const char *start, const char *name, const char *str,
-	int is_path, int secure)
+is_dst (const char *start, const char *name, const char *str, int is_path)
 {
   size_t len;
   bool is_curly = false;
@@ -206,11 +205,6 @@
 	   && (!is_path || name[len] != ':'))
     return 0;
 
-  if (__builtin_expect (secure, 0)
-      && ((name[len] != '\0' && (!is_path || name[len] != ':'))
-	  || (name != start + 1 && (!is_path || name[-2] != ':'))))
-    return 0;
-
   return len;
 }
 
@@ -225,13 +219,12 @@
     {
       size_t len;
 
-      /* $ORIGIN is not expanded for SUID/GUID programs (except if it
-	 is $ORIGIN alone) and it must always appear first in path.  */
+      /* $ORIGIN is not expanded for SUID/GUID programs.  */
       ++name;
-      if ((len = is_dst (start, name, "ORIGIN", is_path,
-			 INTUSE(__libc_enable_secure))) != 0
-	  || (len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0
-	  || (len = is_dst (start, name, "LIB", is_path, 0)) != 0)
+      if (((len = is_dst (start, name, "ORIGIN", is_path)) != 0
+	   && !INTUSE(__libc_enable_secure))
+	  || (len = is_dst (start, name, "PLATFORM", is_path)) != 0
+	  || (len = is_dst (start, name, "LIB", is_path)) != 0)
 	++cnt;
 
       name = strchr (name + len, '$');
@@ -263,12 +256,17 @@
 	  size_t len;
 
 	  ++name;
-	  if ((len = is_dst (start, name, "ORIGIN", is_path,
-			     INTUSE(__libc_enable_secure))) != 0)
-	    repl = l->l_origin;
-	  else if ((len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0)
+	  if ((len = is_dst (start, name, "ORIGIN", is_path)) != 0)
+	    {
+		// Ignore this path at SUID/GUID
+		if (INTUSE(__libc_enable_secure))
+			repl = (const char *) -1;
+		else
+		repl = l->l_origin;
+	    }
+	  else if ((len = is_dst (start, name, "PLATFORM", is_path)) != 0)
 	    repl = GLRO(dl_platform);
-	  else if ((len = is_dst (start, name, "LIB", is_path, 0)) != 0)
+	  else if ((len = is_dst (start, name, "LIB", is_path)) != 0)
 	    repl = DL_DST_LIB;
 
 	  if (repl != NULL && repl != (const char *) -1)
Commit	Line	Data
82a8499a AF	1	diff -Naur glibc-2.3.6.org/elf/dl-load.c glibc-2.3.6/elf/dl-load.c
	2	--- glibc-2.3.6.org/elf/dl-load.c 2005-04-06 04:50:10.000000000 +0200
	3	+++ glibc-2.3.6/elf/dl-load.c 2010-10-19 17:41:09.000000000 +0200
	4	@@ -176,8 +176,7 @@
	5
	6
	7	static size_t
	8	-is_dst (const char start, const char name, const char *str,
	9	- int is_path, int secure)
	10	+is_dst (const char start, const char name, const char *str, int is_path)
	11	{
	12	size_t len;
	13	bool is_curly = false;
	14	@@ -206,11 +205,6 @@
	15	&& (!is_path \|\| name[len] != ':'))
	16	return 0;
	17
	18	- if (__builtin_expect (secure, 0)
	19	- && ((name[len] != '\0' && (!is_path \|\| name[len] != ':'))
	20	- \|\| (name != start + 1 && (!is_path \|\| name[-2] != ':'))))
	21	- return 0;
	22	-
	23	return len;
	24	}
	25
	26	@@ -225,13 +219,12 @@
	27	{
	28	size_t len;
	29
	30	- /* $ORIGIN is not expanded for SUID/GUID programs (except if it
	31	- is $ORIGIN alone) and it must always appear first in path. */
	32	+ /* $ORIGIN is not expanded for SUID/GUID programs. */
	33	++name;
	34	- if ((len = is_dst (start, name, "ORIGIN", is_path,
	35	- INTUSE(__libc_enable_secure))) != 0
	36	- \|\| (len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0
	37	- \|\| (len = is_dst (start, name, "LIB", is_path, 0)) != 0)
	38	+ if (((len = is_dst (start, name, "ORIGIN", is_path)) != 0
	39	+ && !INTUSE(__libc_enable_secure))
	40	+ \|\| (len = is_dst (start, name, "PLATFORM", is_path)) != 0
	41	+ \|\| (len = is_dst (start, name, "LIB", is_path)) != 0)
	42	++cnt;
	43
	44	name = strchr (name + len, '$');
	45	@@ -263,12 +256,17 @@
	46	size_t len;
	47
	48	++name;
	49	- if ((len = is_dst (start, name, "ORIGIN", is_path,
	50	- INTUSE(__libc_enable_secure))) != 0)
	51	- repl = l->l_origin;
	52	- else if ((len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0)
	53	+ if ((len = is_dst (start, name, "ORIGIN", is_path)) != 0)
	54	+ {
	55	+ // Ignore this path at SUID/GUID
	56	+ if (INTUSE(__libc_enable_secure))
	57	+ repl = (const char *) -1;
	58	+ else
	59	+ repl = l->l_origin;
	60	+ }
	61	+ else if ((len = is_dst (start, name, "PLATFORM", is_path)) != 0)
	62	repl = GLRO(dl_platform);
	63	- else if ((len = is_dst (start, name, "LIB", is_path, 0)) != 0)
	64	+ else if ((len = is_dst (start, name, "LIB", is_path)) != 0)
65	repl = DL_DST_LIB;
66
67	if (repl != NULL && repl != (const char *) -1)