Revert "Never expand $ORIGIN in privileged programs"

This reverts commit 4b646a51f13fd6816c483fb24c308a13264c6d1a.

diff --git a/ChangeLog b/ChangeLog
index f293a1a98ecd9541630454f2ef5dd6f2acd0b76e..445600e2950fcdc5a02ba1ccd688195dd0ef83b9 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -214,12 +214,6 @@
        * scripts/data/localplt-s390-linux-gnu.data: New file.
        * scripts/data/localplt-s390x-linux-gnu.data: New file.
 
-2010-10-18  Andreas Schwab  <schwab@redhat.com>
-
-       * elf/dl-load.c (is_dst): Remove last parameter.
-       (_dl_dst_count): Ignore $ORIGIN in privileged programs.
-       (_dl_dst_substitute): Likewise.
-
 2010-10-13  Jakub Jelinek  <jakub@redhat.com>
 
        [BZ #3268]

diff --git a/elf/dl-load.c b/elf/dl-load.c
index 3b09079e4200c0f9a524d6877344ebd3f18d741d..4c14f08e55382e96d0a7230b4438926fcff6203c 100644 (file)
--- a/elf/dl-load.c
+++ b/elf/dl-load.c
@@ -169,7 +169,8 @@ local_strdup (const char *s)
 
 
 static size_t
-is_dst (const char *start, const char *name, const char *str, int is_path)
+is_dst (const char *start, const char *name, const char *str,
+       int is_path, int secure)
 {
   size_t len;
   bool is_curly = false;
@@ -198,6 +199,11 @@ is_dst (const char *start, const char *name, const char *str, int is_path)
           && (!is_path || name[len] != ':'))
     return 0;
 
+  if (__builtin_expect (secure, 0)
+      && ((name[len] != '\0' && (!is_path || name[len] != ':'))
+         || (name != start + 1 && (!is_path || name[-2] != ':'))))
+    return 0;
+
   return len;
 }
 
@@ -212,12 +218,13 @@ _dl_dst_count (const char *name, int is_path)
     {
       size_t len;
 
-      /* $ORIGIN is not expanded for SUID/GUID programs.  */
+      /* $ORIGIN is not expanded for SUID/GUID programs (except if it
+        is $ORIGIN alone) and it must always appear first in path.  */
       ++name;
-      if (((len = is_dst (start, name, "ORIGIN", is_path)) != 0
-          && !INTUSE(__libc_enable_secure))
-         || (len = is_dst (start, name, "PLATFORM", is_path)) != 0
-         || (len = is_dst (start, name, "LIB", is_path)) != 0)
+      if ((len = is_dst (start, name, "ORIGIN", is_path,
+                        INTUSE(__libc_enable_secure))) != 0
+         || (len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0
+         || (len = is_dst (start, name, "LIB", is_path, 0)) != 0)
        ++cnt;
 
       name = strchr (name + len, '$');
@@ -249,12 +256,9 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result,
          size_t len;
 
          ++name;
-         if ((len = is_dst (start, name, "ORIGIN", is_path)) != 0)
+         if ((len = is_dst (start, name, "ORIGIN", is_path,
+                            INTUSE(__libc_enable_secure))) != 0)
            {
-             /* Ignore this path element in SUID/SGID programs.  */
-             if (INTUSE(__libc_enable_secure))
-               repl = (const char *) -1;
-             else
 #ifndef SHARED
              if (l == NULL)
                repl = _dl_get_origin ();
@@ -262,9 +266,9 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result,
 #endif
                repl = l->l_origin;
            }
-         else if ((len = is_dst (start, name, "PLATFORM", is_path)) != 0)
+         else if ((len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0)
            repl = GLRO(dl_platform);
-         else if ((len = is_dst (start, name, "LIB", is_path)) != 0)
+         else if ((len = is_dst (start, name, "LIB", is_path, 0)) != 0)
            repl = DL_DST_LIB;
 
          if (repl != NULL && repl != (const char *) -1)