src/patches/glibc/glibc-rh643822.patch

   1 2010-12-09  Andreas Schwab  <schwab@redhat.com>
   2
   3         * elf/dl-object.c (_dl_new_object): Ignore origin of privileged
   4         program.
   5
   6 2010-10-18  Andreas Schwab  <schwab@redhat.com>
   7
   8         * elf/dl-open.c (dl_open_worker): Don't expand DST here, let
   9         _dl_map_object do it.
  10
  11 Index: glibc-2.12-2-gc4ccff1/elf/dl-object.c
  12 ===================================================================
  13 --- glibc-2.12-2-gc4ccff1.orig/elf/dl-object.c
  14 +++ glibc-2.12-2-gc4ccff1/elf/dl-object.c
  15 @@ -214,6 +214,9 @@ _dl_new_object (char *realname, const ch
  16      out:
  17        new->l_origin = origin;
  18      }
  19 +  else if (INTUSE(__libc_enable_secure) && type == lt_executable)
  20 +    /* The origin of a privileged program cannot be trusted.  */
  21 +    new->l_origin = (char *) -1;
  22
  23    return new;
  24  }
  25 Index: glibc-2.12-2-gc4ccff1/elf/dl-open.c
  26 ===================================================================
  27 --- glibc-2.12-2-gc4ccff1.orig/elf/dl-open.c
  28 +++ glibc-2.12-2-gc4ccff1/elf/dl-open.c
  29 @@ -221,35 +221,6 @@ dl_open_worker (void *a)
  30
  31    assert (_dl_debug_initialize (0, args->nsid)->r_state == RT_CONSISTENT);
  32
  33 -  /* Maybe we have to expand a DST.  */
  34 -  if (__builtin_expect (dst != NULL, 0))
  35 -    {
  36 -      size_t len = strlen (file);
  37 -
  38 -      /* Determine how much space we need.  We have to allocate the
  39 -        memory locally.  */
  40 -      size_t required = DL_DST_REQUIRED (call_map, file, len,
  41 -                                        _dl_dst_count (dst, 0));
  42 -
  43 -      /* Get space for the new file name.  */
  44 -      char *new_file = (char *) alloca (required + 1);
  45 -
  46 -      /* Generate the new file name.  */
  47 -      _dl_dst_substitute (call_map, file, new_file, 0);
  48 -
  49 -      /* If the substitution failed don't try to load.  */
  50 -      if (*new_file == '\0')
  51 -       _dl_signal_error (0, "dlopen", NULL,
  52 -                         N_("empty dynamic string token substitution"));
  53 -
  54 -      /* Now we have a new file name.  */
  55 -      file = new_file;
  56 -
  57 -      /* It does not matter whether call_map is set even if we
  58 -        computed it only because of the DST.  Since the path contains
  59 -        a slash the value is not used.  See dl-load.c.  */
  60 -    }
  61 -
  62    /* Load the named object.  */
  63    struct link_map *new;
  64    args->map = new = _dl_map_object (call_map, file, 0, lt_loaded, 0,