Update.

	* elf/dl-load.c (_dl_dst_count): In SUID binaries expand $ORIGIN
	if it is alone.
	(_dl_dst_substitute): Likewise.

diff --git a/ChangeLog b/ChangeLog
index 3ed611e3409d48d6e32251777d9d999dc2b9080f..62fd68d4dc8f94633ee277f89f8f5982b6832c89 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
 2001-07-22  Ulrich Drepper  <drepper@redhat.com>
 
+       * elf/dl-load.c (_dl_dst_count): In SUID binaries expand $ORIGIN
+       if it is alone.
+       (_dl_dst_substitute): Likewise.
+
        * iconv/iconvconfig.c: Remove --verbose option.  Comment out
        mcheck_verbose call.
 

diff --git a/elf/dl-load.c b/elf/dl-load.c
index 46b7d814120368c8466a5a4443b6a48b64ee891f..b9ef523b4904fee724693f2b28bc3df0af1878c0 100644 (file)
--- a/elf/dl-load.c
+++ b/elf/dl-load.c
@@ -180,8 +180,8 @@ _dl_dst_count (const char *name, int is_path)
     {
       size_t len = 1;
 
-      /* $ORIGIN is not expanded for SUID/GUID programs and it must
-        always appear first in path.
+      /* $ORIGIN is not expanded for SUID/GUID programs (except if it
+        is $ORIGIN alone) and it must always appear first in path.
 
         Note that it is no bug that the string in the second and
         fourth `strncmp' call is longer than the sequence which is
@@ -192,7 +192,8 @@ _dl_dst_count (const char *name, int is_path)
                   || (is_path && name[7] == ':'))
               && (len = 7) != 0)))
        {
-         if (__builtin_expect (!__libc_enable_secure, 1)
+         if ((__builtin_expect (!__libc_enable_secure, 1)
+              || name[len] == '\0' || (is_path && name[len] == ':'))
              && (name == start || (is_path && name[-1] == ':')))
            ++cnt;
        }
@@ -241,7 +242,8 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result,
                       || (is_path && name[7] == ':'))
                   && (len = 7) != 0)))
            {
-             if (__builtin_expect (!__libc_enable_secure, 1)
+             if ((__builtin_expect (!__libc_enable_secure, 1)
+                  || name[len] == '\0' || (is_path && name[len] == ':'))
                  && (name == start || (is_path && name[-1] == ':')))
                repl = l->l_origin;
            }