[people/teissler/ipfire-2.x.git] / src / patches / glibc / glibc-rh643822.patch

2010-12-09  Andreas Schwab  <schwab@redhat.com>

	* elf/dl-object.c (_dl_new_object): Ignore origin of privileged
	program.

2010-10-18  Andreas Schwab  <schwab@redhat.com>

	* elf/dl-open.c (dl_open_worker): Don't expand DST here, let
	_dl_map_object do it.

Index: glibc-2.12-2-gc4ccff1/elf/dl-object.c
===================================================================
--- glibc-2.12-2-gc4ccff1.orig/elf/dl-object.c
+++ glibc-2.12-2-gc4ccff1/elf/dl-object.c
@@ -214,6 +214,9 @@ _dl_new_object (char *realname, const ch
     out:
       new->l_origin = origin;
     }
+  else if (INTUSE(__libc_enable_secure) && type == lt_executable)
+    /* The origin of a privileged program cannot be trusted.  */
+    new->l_origin = (char *) -1;
 
   return new;
 }
Index: glibc-2.12-2-gc4ccff1/elf/dl-open.c
===================================================================
--- glibc-2.12-2-gc4ccff1.orig/elf/dl-open.c
+++ glibc-2.12-2-gc4ccff1/elf/dl-open.c
@@ -221,35 +221,6 @@ dl_open_worker (void *a)
 
   assert (_dl_debug_initialize (0, args->nsid)->r_state == RT_CONSISTENT);
 
-  /* Maybe we have to expand a DST.  */
-  if (__builtin_expect (dst != NULL, 0))
-    {
-      size_t len = strlen (file);
-
-      /* Determine how much space we need.  We have to allocate the
-	 memory locally.  */
-      size_t required = DL_DST_REQUIRED (call_map, file, len,
-					 _dl_dst_count (dst, 0));
-
-      /* Get space for the new file name.  */
-      char *new_file = (char *) alloca (required + 1);
-
-      /* Generate the new file name.  */
-      _dl_dst_substitute (call_map, file, new_file, 0);
-
-      /* If the substitution failed don't try to load.  */
-      if (*new_file == '\0')
-	_dl_signal_error (0, "dlopen", NULL,
-			  N_("empty dynamic string token substitution"));
-
-      /* Now we have a new file name.  */
-      file = new_file;
-
-      /* It does not matter whether call_map is set even if we
-	 computed it only because of the DST.  Since the path contains
-	 a slash the value is not used.  See dl-load.c.  */
-    }
-
   /* Load the named object.  */
   struct link_map *new;
   args->map = new = _dl_map_object (call_map, file, 0, lt_loaded, 0,
Commit	Line	Data
12788f63 MT	1	2010-12-09 Andreas Schwab <schwab@redhat.com>
	2
	3	* elf/dl-object.c (_dl_new_object): Ignore origin of privileged
	4	program.
	5
	6	2010-10-18 Andreas Schwab <schwab@redhat.com>
	7
	8	* elf/dl-open.c (dl_open_worker): Don't expand DST here, let
	9	_dl_map_object do it.
	10
	11	Index: glibc-2.12-2-gc4ccff1/elf/dl-object.c
	12	===================================================================
	13	--- glibc-2.12-2-gc4ccff1.orig/elf/dl-object.c
	14	+++ glibc-2.12-2-gc4ccff1/elf/dl-object.c
	15	@@ -214,6 +214,9 @@ _dl_new_object (char *realname, const ch
	16	out:
	17	new->l_origin = origin;
	18	}
	19	+ else if (INTUSE(__libc_enable_secure) && type == lt_executable)
	20	+ /* The origin of a privileged program cannot be trusted. */
	21	+ new->l_origin = (char *) -1;
	22
	23	return new;
	24	}
	25	Index: glibc-2.12-2-gc4ccff1/elf/dl-open.c
	26	===================================================================
	27	--- glibc-2.12-2-gc4ccff1.orig/elf/dl-open.c
	28	+++ glibc-2.12-2-gc4ccff1/elf/dl-open.c
	29	@@ -221,35 +221,6 @@ dl_open_worker (void *a)
	30
	31	assert (_dl_debug_initialize (0, args->nsid)->r_state == RT_CONSISTENT);
	32
	33	- /* Maybe we have to expand a DST. */
	34	- if (__builtin_expect (dst != NULL, 0))
	35	- {
	36	- size_t len = strlen (file);
	37	-
	38	- /* Determine how much space we need. We have to allocate the
	39	- memory locally. */
	40	- size_t required = DL_DST_REQUIRED (call_map, file, len,
	41	- _dl_dst_count (dst, 0));
	42	-
	43	- /* Get space for the new file name. */
	44	- char new_file = (char ) alloca (required + 1);
	45	-
	46	- /* Generate the new file name. */
	47	- _dl_dst_substitute (call_map, file, new_file, 0);
	48	-
	49	- /* If the substitution failed don't try to load. */
	50	- if (*new_file == '\0')
	51	- _dl_signal_error (0, "dlopen", NULL,
	52	- N_("empty dynamic string token substitution"));
	53	-
	54	- /* Now we have a new file name. */
	55	- file = new_file;
	56	-
	57	- /* It does not matter whether call_map is set even if we
	58	- computed it only because of the DST. Since the path contains
	59	- a slash the value is not used. See dl-load.c. */
	60	- }
	61	-
	62	/* Load the named object. */
	63	struct link_map *new;
	64	args->map = new = _dl_map_object (call_map, file, 0, lt_loaded, 0,