diff options
author | Joseph Myers <joseph@codesourcery.com> | 2014-10-10 11:13:11 +0000 |
---|---|---|
committer | Joseph Myers <joseph@codesourcery.com> | 2014-10-10 11:13:11 +0000 |
commit | 6bc6bd3b10e6c2fd4c656647aa643919b0519825 (patch) | |
tree | 13e502e2eac180e65c0eeb0c62defdac6bab29c3 /elf/rtld.c | |
parent | b8c80a7e0da28b6e94411ce7d589d2b09674b4b9 (diff) | |
download | glibc-6bc6bd3b10e6c2fd4c656647aa643919b0519825.zip glibc-6bc6bd3b10e6c2fd4c656647aa643919b0519825.tar.gz glibc-6bc6bd3b10e6c2fd4c656647aa643919b0519825.tar.bz2 |
Don't use INTVARDEF/INTUSE with __libc_enable_secure (bug 14132).
Continuing the removal of the obsolete INTDEF / INTVARDEF / INTUSE
mechanism, this patch replaces its use for __libc_enable_secure with
the use of rtld_hidden_data_def and rtld_hidden_proto.
Tested for x86_64 that installed stripped shared libraries are
unchanged by the patch.
[BZ #14132]
* elf/dl-sysdep.c (__libc_enable_secure): Use rtld_hidden_data_def
instead of INTVARDEF.
(_dl_sysdep_start): Do not use INTUSE with __libc_enable_secure.
* sysdeps/mach/hurd/dl-sysdep.c (__libc_enable_secure): Use
rtld_hidden_data_def instead of INTVARDEF.
(_dl_sysdep_start): Do not use INTUSE with __libc_enable_secure.
* elf/dl-deps.c (expand_dst): Likewise.
* elf/dl-load.c (_dl_dst_count): Likewise.
(_dl_dst_substitute): Likewise.
(decompose_rpath): Likewise.
(_dl_init_paths): Likewise.
(open_path): Likewise.
(_dl_map_object): Likewise.
* elf/rtld.c (dl_main): Likewise.
(process_dl_audit): Likewise.
(process_envvars): Likewise.
* include/unistd.h [IS_IN_rtld] (__libc_enable_secure_internal):
Remove declaration.
(__libc_enable_secure): Use rtld_hidden_proto.
Diffstat (limited to 'elf/rtld.c')
-rw-r--r-- | elf/rtld.c | 18 |
1 files changed, 9 insertions, 9 deletions
@@ -1498,7 +1498,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n", /* Prevent optimizing strsep. Speed is not important here. */ while ((p = (strsep) (&list, " :")) != NULL) if (p[0] != '\0' - && (__builtin_expect (! INTUSE(__libc_enable_secure), 1) + && (__builtin_expect (! __libc_enable_secure, 1) || strchr (p, '/') == NULL)) npreloads += do_preload (p, main_map, "LD_PRELOAD"); @@ -2318,7 +2318,7 @@ process_dl_audit (char *str) while ((p = (strsep) (&str, ":")) != NULL) if (p[0] != '\0' - && (__builtin_expect (! INTUSE(__libc_enable_secure), 1) + && (__builtin_expect (! __libc_enable_secure, 1) || strchr (p, '/') == NULL)) { /* This is using the local malloc, not the system malloc. The @@ -2352,7 +2352,7 @@ process_envvars (enum mode *modep) /* This is the default place for profiling data file. */ GLRO(dl_profile_output) - = &"/var/tmp\0/var/profile"[INTUSE(__libc_enable_secure) ? 9 : 0]; + = &"/var/tmp\0/var/profile"[__libc_enable_secure ? 9 : 0]; while ((envline = _dl_next_ld_env_entry (&runp)) != NULL) { @@ -2420,7 +2420,7 @@ process_envvars (enum mode *modep) case 9: /* Test whether we want to see the content of the auxiliary array passed up from the kernel. */ - if (!INTUSE(__libc_enable_secure) + if (!__libc_enable_secure && memcmp (envline, "SHOW_AUXV", 9) == 0) _dl_show_auxv (); break; @@ -2434,7 +2434,7 @@ process_envvars (enum mode *modep) case 11: /* Path where the binary is found. */ - if (!INTUSE(__libc_enable_secure) + if (!__libc_enable_secure && memcmp (envline, "ORIGIN_PATH", 11) == 0) GLRO(dl_origin_path) = &envline[12]; break; @@ -2454,7 +2454,7 @@ process_envvars (enum mode *modep) break; } - if (!INTUSE(__libc_enable_secure) + if (!__libc_enable_secure && memcmp (envline, "DYNAMIC_WEAK", 12) == 0) GLRO(dl_dynamic_weak) = 1; break; @@ -2465,7 +2465,7 @@ process_envvars (enum mode *modep) #ifdef EXTRA_LD_ENVVARS_13 EXTRA_LD_ENVVARS_13 #endif - if (!INTUSE(__libc_enable_secure) + if (!__libc_enable_secure && memcmp (envline, "USE_LOAD_BIAS", 13) == 0) { GLRO(dl_use_load_bias) = envline[14] == '1' ? -1 : 0; @@ -2478,7 +2478,7 @@ process_envvars (enum mode *modep) case 14: /* Where to place the profiling data file. */ - if (!INTUSE(__libc_enable_secure) + if (!__libc_enable_secure && memcmp (envline, "PROFILE_OUTPUT", 14) == 0 && envline[15] != '\0') GLRO(dl_profile_output) = &envline[15]; @@ -2516,7 +2516,7 @@ process_envvars (enum mode *modep) /* Extra security for SUID binaries. Remove all dangerous environment variables. */ - if (__builtin_expect (INTUSE(__libc_enable_secure), 0)) + if (__builtin_expect (__libc_enable_secure, 0)) { static const char unsecure_envvars[] = #ifdef EXTRA_UNSECURE_ENVVARS |