diff options
-rw-r--r-- | ChangeLog | 45 | ||||
-rw-r--r-- | csu/Makefile | 2 | ||||
-rw-r--r-- | elf/rtld.c | 5 | ||||
-rw-r--r-- | hurd/hurdsig.c | 2 | ||||
-rw-r--r-- | intl/dcgettext.c | 34 | ||||
-rw-r--r-- | intl/explodename.c | 15 | ||||
-rw-r--r-- | intl/loadinfo.h | 2 | ||||
-rw-r--r-- | locale/findlocale.c | 9 | ||||
-rw-r--r-- | locale/setlocale.c | 4 | ||||
-rw-r--r-- | malloc/malloc.c | 2 | ||||
-rw-r--r-- | manual/arith.texi | 2 | ||||
-rw-r--r-- | manual/conf.texi | 4 | ||||
-rw-r--r-- | manual/filesys.texi | 2 | ||||
-rw-r--r-- | manual/io.texi | 2 | ||||
-rw-r--r-- | manual/llio.texi | 2 | ||||
-rw-r--r-- | manual/math.texi | 2 | ||||
-rw-r--r-- | manual/message.texi | 2 | ||||
-rw-r--r-- | manual/signal.texi | 2 | ||||
-rw-r--r-- | manual/users.texi | 2 | ||||
-rw-r--r-- | math/math.h | 2 | ||||
-rw-r--r-- | posix/unistd.h | 2 | ||||
-rw-r--r-- | sysdeps/arm/strlen.S | 8 | ||||
-rw-r--r-- | sysdeps/arm/sysdep.h | 3 | ||||
-rw-r--r-- | sysdeps/unix/arm/sysdep.S | 2 | ||||
-rw-r--r-- | sysdeps/unix/bsd/hp/m68k/vfork.S | 2 | ||||
-rw-r--r-- | sysdeps/unix/bsd/sun/m68k/vfork.S | 2 | ||||
-rw-r--r-- | sysdeps/unix/bsd/vax/vfork.S | 2 | ||||
-rw-r--r-- | sysdeps/unix/sysv/linux/arm/socket.S | 18 |
28 files changed, 148 insertions, 33 deletions
@@ -1,3 +1,48 @@ +1998-05-19 15:58 Ulrich Drepper <drepper@cygnus.com> + + * elf/rtld.c (process_envvars): Fix typo. Don't handle + LD_PROFILE_OUTPUT in SUID binaries. + * intl/dcgettext.c: In SUID binaries don't let language part of + locale value contain path elements. + * intl/explodename.h: Define new function _nl_find_language. + * intl/loadinfo.h: Declare _nl_find_language. + * locale/findlocale.c (_nl_find_locale): Use _nl_find_locale to get + language part it drop the value is path element is contained. + + * locale/setlocale.c: Fix typo. + +1998-05-18 Philip Blundell <Philip.Blundell@pobox.com> + + * sysdeps/unix/sysv/linux/arm/socket.S: Correct handling of arguments. + + * sysdeps/arm/strlen.S: Support both big and little endian processors. + + * sysdeps/arm/sysdep.h (ALIGNARG): ELF .align directive uses a + log, not a byte-count. + + * sysdeps/unix/arm/sysdep.S (syscall_error): Use C_SYMBOL_NAME for + a.out compatibility. + +1998-05-19 Andreas Jaeger <aj@arthur.rhein-neckar.de> + + * sysdeps/unix/bsd/vax/vfork.S: Fix the "the the" problems. + * sysdeps/unix/bsd/sun/m68k/vfork.S: Likewise. + * sysdeps/unix/bsd/hp/m68k/vfork.S: Likewise. + * posix/unistd.h: Likewise. + * math/math.h: Likewise. + * manual/users.texi (Manipulating the Database): Likewise. + * manual/signal.texi (Job Control Signals): Likewise. + * manual/message.texi (The gencat program): Likewise. + * manual/filesys.texi (Hard Links): Likewise. + * manual/math.texi (SVID Random): Likewise. + * manual/llio.texi (Waiting for I/O): Likewise. + * manual/io.texi (File Name Errors): Likewise. + * manual/conf.texi (String Parameters): Likewise. + * manual/arith.texi (Infinity): Likewise. + * malloc/malloc.c: Likewise. + * hurd/hurdsig.c (_hurd_internal_post_signal): Likewise. + * csu/Makefile: Likewise. + 1998-05-19 12:16 Ulrich Drepper <drepper@cygnus.com> * manual/memory.texi: Add back accidently removed line. diff --git a/csu/Makefile b/csu/Makefile index fcbaaf0..dfc76f2 100644 --- a/csu/Makefile +++ b/csu/Makefile @@ -121,7 +121,7 @@ endef ifndef start-installed-name-rule ifeq (yes,$(elf)) # We link the ELF startfile along with a SHT_NOTE section indicating -# the the kernel ABI the binaries linked with this library will require. +# the kernel ABI the binaries linked with this library will require. $(objpfx)$(start-installed-name): $(objpfx)start.o $(objpfx)abi-note.o \ $(objpfx)init.o $(link-relocatable) @@ -1113,7 +1113,7 @@ process_envvars (enum mode *modep, int *lazyp) break; case 10: - /* mask for the important hardware capabilities. */ + /* Mask for the important hardware capabilities. */ if (memcmp (&envline[3], "HWCAP_MASK", 10) == 0) _dl_hwcap_mask = strtoul (&envline[14], NULL, 0); break; @@ -1133,7 +1133,8 @@ process_envvars (enum mode *modep, int *lazyp) case 14: /* Where to place the profiling data file. */ - if (memcmp (&envline[3], "PROFILE_OUTPUT", 14) == 0) + if (!__libc_enable_secure + && memcmp (&envline[3], "PROFILE_OUTPUT", 14) == 0) { _dl_profile_output = &envline[18]; if (*_dl_profile_output == '\0') diff --git a/hurd/hurdsig.c b/hurd/hurdsig.c index 0c8ed14..6597198 100644 --- a/hurd/hurdsig.c +++ b/hurd/hurdsig.c @@ -818,7 +818,7 @@ _hurd_internal_post_signal (struct hurd_sigstate *ss, /* In a critical section, any RPC should be cancelled instead of restarted, regardless of - SA_RESTART, so the the entire + SA_RESTART, so the entire "atomic" operation can be aborted as a unit. */ crit ? 0 : signo, 1, diff --git a/intl/dcgettext.c b/intl/dcgettext.c index a79c1f5..777dd31 100644 --- a/intl/dcgettext.c +++ b/intl/dcgettext.c @@ -221,6 +221,24 @@ struct block_list # define DCGETTEXT dcgettext__ #endif +/* Checking whether the binaries runs SUID must be done and glibc provides + easier methods therefore we make a difference here. */ +#ifdef _LIBC +# define ENABLE_SECURE __libc_enable_secure +# define DETERMINE_SECURE +#else +static int enable_secure; +# define ENABLE_SECURE (enable_secure == 1) +# define DETERMINE_SECURE \ + if (enable_secure == 0) \ + { \ + if (getuid () != geteuid () || getgid () != getegid ()) \ + enable_secure = 1; \ + else \ + enable_secure = -1; \ + } +#endif + /* Look up MSGID in the DOMAINNAME message catalog for the current CATEGORY locale. */ char * @@ -245,9 +263,12 @@ DCGETTEXT (domainname, msgid, category) if (msgid == NULL) return NULL; + /* See whether this is a SUID binary or not. */ + DETERMINE_SECURE; + /* If DOMAINNAME is NULL, we are interested in the default domain. If CATEGORY is not LC_MESSAGES this might not make much sense but the - defintion left this undefined. */ + definition left this undefined. */ if (domainname == NULL) domainname = _nl_current_default_domain; @@ -322,7 +343,7 @@ DCGETTEXT (domainname, msgid, category) /* Search for the given string. This is a loop because we perhaps - got an ordered list of languages to consider for th translation. */ + got an ordered list of languages to consider for the translation. */ while (1) { /* Make CATEGORYVALUE point to the next element of the list. */ @@ -343,6 +364,15 @@ DCGETTEXT (domainname, msgid, category) while (categoryvalue[0] != '\0' && categoryvalue[0] != ':') *cp++ = *categoryvalue++; *cp = '\0'; + + /* When this is a SUID binary we must not allow accessing files + outside the dedicated directories. */ + if (ENABLE_SECURE + && (memchr (single_locale, '/', + _nl_find_language (single_locale) - single_locale) + != NULL)) + /* Ingore this entry. */ + continue; } /* If the current locale value is C (or POSIX) we don't load a diff --git a/intl/explodename.c b/intl/explodename.c index 8dad496..8fe928f 100644 --- a/intl/explodename.c +++ b/intl/explodename.c @@ -47,6 +47,17 @@ /* @@ end of prolog @@ */ +char * +_nl_find_language (const char *name) +{ + while (name[0] != '\0' && name[0] != '_' && name[0] != '@' + && name[0] != '+' && name[0] != ',') + ++name; + + return (char *) name; +} + + int _nl_explode_name (name, language, modifier, territory, codeset, normalized_codeset, special, sponsor, revision) @@ -78,9 +89,7 @@ _nl_explode_name (name, language, modifier, territory, codeset, mask = 0; syntax = undecided; *language = cp = name; - while (cp[0] != '\0' && cp[0] != '_' && cp[0] != '@' - && cp[0] != '+' && cp[0] != ',') - ++cp; + cp = _nl_find_language (*language); if (*language == cp) /* This does not make sense: language has to be specified. Use diff --git a/intl/loadinfo.h b/intl/loadinfo.h index 8fabe63..b82dc90 100644 --- a/intl/loadinfo.h +++ b/intl/loadinfo.h @@ -75,3 +75,5 @@ extern int _nl_explode_name PARAMS ((char *name, const char **language, const char **special, const char **sponsor, const char **revision)); + +extern char *_nl_find_language PARAMS ((const char *name)); diff --git a/locale/findlocale.c b/locale/findlocale.c index b651dba..e2fdd06 100644 --- a/locale/findlocale.c +++ b/locale/findlocale.c @@ -1,4 +1,4 @@ -/* Copyright (C) 1996, 1997 Free Software Foundation, Inc. +/* Copyright (C) 1996, 1997, 1998 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1996. @@ -20,6 +20,7 @@ #include <locale.h> #include <stdlib.h> #include <string.h> +#include <unistd.h> #include <sys/mman.h> #include "localeinfo.h" @@ -51,7 +52,11 @@ _nl_find_locale (const char *locale_path, size_t locale_path_len, const char *revision; struct loaded_l10nfile *locale_file; - if ((*name)[0] == '\0') + if ((*name)[0] == '\0' + /* In SUID binaries we must not allow people to access files + outside the dedicated locale directories. */ + || (__libc_enable_secure + && memchr (*name, '/', _nl_find_language (*name) - *name) != NULL)) { /* The user decides which locale to use by setting environment variables. */ diff --git a/locale/setlocale.c b/locale/setlocale.c index 33599c6..4b6a300 100644 --- a/locale/setlocale.c +++ b/locale/setlocale.c @@ -1,4 +1,4 @@ -/* Copyright (C) 1991, 1992, 1995, 1996, 1997 Free Software Foundation, Inc. +/* Copyright (C) 1991, 92, 95, 96, 97, 98 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -360,7 +360,7 @@ setlocale (int category, const char *locale) /* We must not simply free a global locale since we have no control over the usage. So we mark it as un-deletable. - Note: do ont remove the `if', it's necessary to copy with + Note: do not remove the `if', it's necessary to copy with the builtin locale data. */ if (newdata->usage_count != UNDELETABLE) newdata->usage_count = UNDELETABLE; diff --git a/malloc/malloc.c b/malloc/malloc.c index 4306a0a..9c99c67 100644 --- a/malloc/malloc.c +++ b/malloc/malloc.c @@ -2555,7 +2555,7 @@ malloc_extend_top(ar_ptr, nb) arena *ar_ptr; INTERNAL_SIZE_T nb; mallocs with other sbrk calls. - All allocations are made from the the `lowest' part of any found + All allocations are made from the `lowest' part of any found chunk. (The implementation invariant is that prev_inuse is always true of any allocated chunk; i.e., that each allocated chunk borders either a previously allocated and still in-use chunk, diff --git a/manual/arith.texi b/manual/arith.texi index 9db50cf..ec16b7a 100644 --- a/manual/arith.texi +++ b/manual/arith.texi @@ -78,7 +78,7 @@ handle values like this. Beside @code{INFINITY} also the value @code{-INFINITY} is representable and it is handled differently if needed. It is possible to test a value for infiniteness using a simple comparison but the -recommended way is to use the the @code{isinf} function. +recommended way is to use the @code{isinf} function. This macro was introduced in the @w{ISO C 9X} standard. @end deftypevr diff --git a/manual/conf.texi b/manual/conf.texi index 86e29a8..529c3ad 100644 --- a/manual/conf.texi +++ b/manual/conf.texi @@ -1623,7 +1623,7 @@ to the application if a source is compiled using the @comment Unix98 @item _CS_LFS_LINTFLAGS The returned string specifies which additional flags must be given to -the the lint tool if a source is compiled using the +the lint tool if a source is compiled using the @code{_LARGEFILE_SOURCE} feature select macro; @pxref{Feature Test Macros}. @comment unistd.h @@ -1651,7 +1651,7 @@ to the application if a source is compiled using the @comment Unix98 @item _CS_LFS64_LINTFLAGS The returned string specifies which additional flags must be given to -the the lint tool if a source is compiled using the +the lint tool if a source is compiled using the @code{_LARGEFILE64_SOURCE} feature select macro; @pxref{Feature Test Macros}. @end table diff --git a/manual/filesys.texi b/manual/filesys.texi index 4ae13dc..d9f4d50 100644 --- a/manual/filesys.texi +++ b/manual/filesys.texi @@ -780,7 +780,7 @@ file does not copy the contents of the file; it simply makes a new name by which the file can be known, in addition to the file's existing name or names. -One file can have names in several directories, so the the organization +One file can have names in several directories, so the organization of the file system is not a strict hierarchy or tree. In most implementations, it is not possible to have hard links to the diff --git a/manual/io.texi b/manual/io.texi index aa9e21c..e43685f 100644 --- a/manual/io.texi +++ b/manual/io.texi @@ -327,7 +327,7 @@ The process does not have search permission for a directory component of the file name. @item ENAMETOOLONG -This error is used when either the the total length of a file name is +This error is used when either the total length of a file name is greater than @code{PATH_MAX}, or when an individual file name component has a length greater than @code{NAME_MAX}. @xref{Limits for Files}. diff --git a/manual/llio.texi b/manual/llio.texi index c31a5cf..9895615 100644 --- a/manual/llio.texi +++ b/manual/llio.texi @@ -1025,7 +1025,7 @@ This macro removes @var{filedes} from the file descriptor set @var{set}. @comment BSD @deftypefn Macro int FD_ISSET (int @var{filedes}, fd_set *@var{set}) This macro returns a nonzero value (true) if @var{filedes} is a member -of the the file descriptor set @var{set}, and zero (false) otherwise. +of the file descriptor set @var{set}, and zero (false) otherwise. @end deftypefn Next, here is the description of the @code{select} function itself. diff --git a/manual/math.texi b/manual/math.texi index 28cc4a5..c184192 100644 --- a/manual/math.texi +++ b/manual/math.texi @@ -1786,7 +1786,7 @@ congruential formula. From the seven elements in the array @var{param} the least significant 16 bits of the entries @code{@var{param}[0]} to @code{@var{param}[2]} -determine the the initial state, the least 16 bits of +determine the initial state, the least 16 bits of @code{@var{param}[3]} to @code{@var{param}[5]} determine the 48 bit constant @code{a} and @code{@var{param}[6]} determines the 16 bit value @code{c}. diff --git a/manual/message.texi b/manual/message.texi index 3c8650f..cc57439 100644 --- a/manual/message.texi +++ b/manual/message.texi @@ -460,7 +460,7 @@ these source files to learn about the file format. The @code{gencat} program is specified in the X/Open standard and the GNU implementation follows this specification and so allows to process all correctly formed input files. Additionally some extension are -implemented which help to work in a more reasonable way with the the +implemented which help to work in a more reasonable way with the @code{catgets} functions. The @code{gencat} program can be invoked in two ways: diff --git a/manual/signal.texi b/manual/signal.texi index dd1666c..609e756 100644 --- a/manual/signal.texi +++ b/manual/signal.texi @@ -720,7 +720,7 @@ support, see @ref{Special Characters}. @comment signal.h @comment POSIX.1 @deftypevr Macro int SIGTTIN -A process cannot read from the the user's terminal while it is running +A process cannot read from the user's terminal while it is running as a background job. When any process in a background job tries to read from the terminal, all of the processes in the job are sent a @code{SIGTTIN} signal. The default action for this signal is to diff --git a/manual/users.texi b/manual/users.texi index d2b3b8d..824b8ea 100644 --- a/manual/users.texi +++ b/manual/users.texi @@ -1002,7 +1002,7 @@ for an entry that matches @var{id}. If the @code{ut_type} member of the @code{OLD_TIME} or @code{NEW_TIME} the entries match if the @code{ut_type} members are identical. If the @code{ut_type} member of the @var{id} structure is @code{INIT_PROCESS}, @code{LOGIN_PROCESS}, -@code{USER_PROCESS} or @code{DEAD_PROCESS}, the entries match if the the +@code{USER_PROCESS} or @code{DEAD_PROCESS}, the entries match if the @code{ut_type} member of the entry read from the database is one of these four, and the @code{ut_id} members match. However if the @code{ut_id} member of either the @var{id} structure or the entry read diff --git a/math/math.h b/math/math.h index fe7f46f..704d499 100644 --- a/math/math.h +++ b/math/math.h @@ -135,7 +135,7 @@ extern int signgam; FP_FAST_FMA FP_FAST_FMAF FP_FAST_FMAL - If defined it indicates that the the `fma' function + If defined it indicates that the `fma' function generally executes about as fast as a multiply and an add. This macro is defined only iff the `fma' function is implemented directly with a hardware multiply-add instructions. diff --git a/posix/unistd.h b/posix/unistd.h index 78f891f..604b2a3 100644 --- a/posix/unistd.h +++ b/posix/unistd.h @@ -689,7 +689,7 @@ extern __pid_t fork __P ((void)); #if defined __USE_BSD || defined __USE_XOPEN_EXTENDED /* Clone the calling process, but without copying the whole address space. - The the calling process is suspended until the the new process exits or is + The calling process is suspended until the the new process exits or is replaced by a call to `execve'. Return -1 for errors, 0 to the new process, and the process ID of the new process to the old process. */ extern __pid_t __vfork __P ((void)); diff --git a/sysdeps/arm/strlen.S b/sysdeps/arm/strlen.S index 9acef4f..0e360e2 100644 --- a/sysdeps/arm/strlen.S +++ b/sysdeps/arm/strlen.S @@ -31,11 +31,19 @@ ENTRY(strlen) rsb r0, r3, $0 @ get - that number into counter. beq Laligned @ skip into main check routine if no @ more +#ifdef __ARMEB__ orr r2, r2, $0xff000000 @ set this byte to non-zero subs r3, r3, $1 @ any more to do? orrgt r2, r2, $0x00ff0000 @ if so, set this byte subs r3, r3, $1 @ more? orrgt r2, r2, $0x0000ff00 @ then set. +#else + orr r2, r2, $0x000000ff @ set this byte to non-zero + subs r3, r3, $1 @ any more to do? + orrgt r2, r2, $0x0000ff00 @ if so, set this byte + subs r3, r3, $1 @ more? + orrgt r2, r2, $0x00ff0000 @ then set. +#endif Laligned: @ here, we have a word in r2. Does it tst r2, $0x000000ff @ contain any zeroes? tstne r2, $0x0000ff00 @ diff --git a/sysdeps/arm/sysdep.h b/sysdeps/arm/sysdep.h index 28dd402..eeef7aa 100644 --- a/sysdeps/arm/sysdep.h +++ b/sysdeps/arm/sysdep.h @@ -25,8 +25,7 @@ #ifdef HAVE_ELF -/* ELF uses byte-counts for .align, most others use log2 of count of bytes. */ -#define ALIGNARG(log2) 1<<log2 +#define ALIGNARG(log2) log2 /* For ELF we need the `.type' directive to make shared libs work right. */ #define ASM_TYPE_DIRECTIVE(name,typearg) .type name,%##typearg; #define ASM_SIZE_DIRECTIVE(name) .size name,.-name diff --git a/sysdeps/unix/arm/sysdep.S b/sysdeps/unix/arm/sysdep.S index c1da525..5795f5e 100644 --- a/sysdeps/unix/arm/sysdep.S +++ b/sysdeps/unix/arm/sysdep.S @@ -43,7 +43,7 @@ syscall_error: #ifdef _LIBC_REENTRANT stmdb sp!, {r0, lr} /* put another copy of r0 at a specific errno location */ - bl __errno_location + bl C_SYMBOL_NAME(__errno_location) ldmia sp!, {r1, lr} str r1, [r0] #endif diff --git a/sysdeps/unix/bsd/hp/m68k/vfork.S b/sysdeps/unix/bsd/hp/m68k/vfork.S index dc11373..18519ab 100644 --- a/sysdeps/unix/bsd/hp/m68k/vfork.S +++ b/sysdeps/unix/bsd/hp/m68k/vfork.S @@ -23,7 +23,7 @@ #endif /* Clone the calling process, but without copying the whole address space. - The the calling process is suspended until the the new process exits or is + The calling process is suspended until the the new process exits or is replaced by a call to `execve'. Return -1 for errors, 0 to the new process, and the process ID of the new process to the old process. */ .globl ___vfork diff --git a/sysdeps/unix/bsd/sun/m68k/vfork.S b/sysdeps/unix/bsd/sun/m68k/vfork.S index 4de48b7..e26466b 100644 --- a/sysdeps/unix/bsd/sun/m68k/vfork.S +++ b/sysdeps/unix/bsd/sun/m68k/vfork.S @@ -23,7 +23,7 @@ #endif /* Clone the calling process, but without copying the whole address space. - The the calling process is suspended until the the new process exits or is + The calling process is suspended until the the new process exits or is replaced by a call to `execve'. Return -1 for errors, 0 to the new process, and the process ID of the new process to the old process. */ .globl ___vfork diff --git a/sysdeps/unix/bsd/vax/vfork.S b/sysdeps/unix/bsd/vax/vfork.S index ba670ac..b132a67 100644 --- a/sysdeps/unix/bsd/vax/vfork.S +++ b/sysdeps/unix/bsd/vax/vfork.S @@ -23,7 +23,7 @@ #endif /* Clone the calling process, but without copying the whole address space. - The the calling process is suspended until the the new process exits or is + The calling process is suspended until the the new process exits or is replaced by a call to `execve'. Return -1 for errors, 0 to the new process, and the process ID of the new process to the old process. */ .globl ___vfork diff --git a/sysdeps/unix/sysv/linux/arm/socket.S b/sysdeps/unix/sysv/linux/arm/socket.S index 1ebec9c..b51d887 100644 --- a/sysdeps/unix/sysv/linux/arm/socket.S +++ b/sysdeps/unix/sysv/linux/arm/socket.S @@ -35,10 +35,26 @@ #define __socket P(__,socket) #endif +#define PUSHARGS_1 stmfd ip!, {a1} +#define PUSHARGS_2 stmfd ip!, {a1, a2} +#define PUSHARGS_3 stmfd ip!, {a1, a2, a3} +#define PUSHARGS_4 stmfd ip!, {a1, a2, a3, a4} +#define PUSHARGS_5 stmfd ip!, {a1, a2, a3, a4} /* Caller has already pushed arg 5 */ +#define PUSHARGS_6 stmfd ip!, {a1, a2, a3, a4} + +#ifndef NARGS +#define NARGS 3 /* If we were called with no wrapper, this is really socket() */ +#endif + .globl __socket ENTRY (__socket) + /* Push args onto the stack. */ + mov ip, sp + P(PUSHARGS_,NARGS) /* Do the system call trap. */ + mov a1, $P(SOCKOP_,socket) + mov a2, ip swi SYS_ify(socketcall) /* r0 is < 0 if there was an error. */ @@ -46,7 +62,7 @@ ENTRY (__socket) bhs PLTJMP(syscall_error) /* Successful; return the syscall's value. */ - RETINSTR(mov,pc,r14) + ret PSEUDO_END (__socket) |