diff options
| author | Frank Ch. Eigler <fche@redhat.com> | 2009-09-22 16:17:50 +0000 |
|---|---|---|
| committer | Frank Ch. Eigler <fche@gcc.gnu.org> | 2009-09-22 16:17:50 +0000 |
| commit | 5d0001f01521eb923c16cd69c807c655ae9acb54 (patch) | |
| tree | 915871f786aef584174d4a4ecfbc78dd8d483e49 /libmudflap | |
| parent | e0601576f7e369ca48ac2b7e64f9a327fac33a4f (diff) | |
| download | gcc-5d0001f01521eb923c16cd69c807c655ae9acb54.zip gcc-5d0001f01521eb923c16cd69c807c655ae9acb54.tar.gz gcc-5d0001f01521eb923c16cd69c807c655ae9acb54.tar.bz2 | |
re PR libmudflap/41433 (security: mudflap accepts environment variables if setuid)
2009-09-22 Frank Ch. Eigler <fche@redhat.com>
PR libmudflap/41433
* mf-runtime.c (__mf_init): Ignore $MUDFLAP_OPTIONS if
running setuid or setgid.
From-SVN: r152026
Diffstat (limited to 'libmudflap')
| -rw-r--r-- | libmudflap/ChangeLog | 6 | ||||
| -rw-r--r-- | libmudflap/mf-runtime.c | 13 |
2 files changed, 17 insertions, 2 deletions
diff --git a/libmudflap/ChangeLog b/libmudflap/ChangeLog index e51c109..f65cf2a 100644 --- a/libmudflap/ChangeLog +++ b/libmudflap/ChangeLog @@ -1,3 +1,9 @@ +2009-09-22 Frank Ch. Eigler <fche@redhat.com> + + PR libmudflap/41433 + * mf-runtime.c (__mf_init): Ignore $MUDFLAP_OPTIONS if + running setuid or setgid. + 2009-09-01 Loren J. Rittle <ljrittle@acm.org> * mf-runtime.c (__mf_init): Support FreeBSD. diff --git a/libmudflap/mf-runtime.c b/libmudflap/mf-runtime.c index 3bfaf02..08a50c2 100644 --- a/libmudflap/mf-runtime.c +++ b/libmudflap/mf-runtime.c @@ -303,6 +303,14 @@ __mf_set_default_options () #ifdef LIBMUDFLAPTH __mf_opts.thread_stack = 0; #endif + + /* PR41443: Beware that the above flags will be applied to + setuid/setgid binaries, and cannot be overriden with + $MUDFLAP_OPTIONS. So the defaults must be non-exploitable. + + Should we consider making the default violation_mode something + harsher than viol_nop? OTOH, glibc's MALLOC_CHECK_ is disabled + by default for these same programs. */ } static struct mudoption @@ -442,7 +450,7 @@ __mf_usage () "This is a %s%sGCC \"mudflap\" memory-checked binary.\n" "Mudflap is Copyright (C) 2002-2009 Free Software Foundation, Inc.\n" "\n" - "The mudflap code can be controlled by an environment variable:\n" + "Unless setuid, a program's mudflap options be set by an environment variable:\n" "\n" "$ export MUDFLAP_OPTIONS='<options>'\n" "$ <mudflapped_program>\n" @@ -711,7 +719,8 @@ __mf_init () __mf_set_default_options (); - ov = getenv ("MUDFLAP_OPTIONS"); + if (getuid () == geteuid () && getgid () == getegid ()) /* PR41433, not setuid */ + ov = getenv ("MUDFLAP_OPTIONS"); if (ov) { int rc = __mfu_set_options (ov); |