diff options
author | Patrick 'P. J.' McDermott <pj@pehjota.net> | 2013-09-11 23:13:36 -0400 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2013-10-14 01:57:46 -0400 |
commit | 94bf958a9435b8d8fbf92c15d8cd5d310029a22c (patch) | |
tree | 5b7d470cf9375acd4f7d1e5ee1711a65f9ac64e2 | |
parent | 0abe1dd5368a91601dabcda484ecd873a5789497 (diff) | |
download | glibc-94bf958a9435b8d8fbf92c15d8cd5d310029a22c.zip glibc-94bf958a9435b8d8fbf92c15d8cd5d310029a22c.tar.gz glibc-94bf958a9435b8d8fbf92c15d8cd5d310029a22c.tar.bz2 |
ldd: make try_trace more robust and portable
It was noted in 2005 (BZ #832), 2006 (BZ #3266), and 2007 [1] that ldd
fails on shells other than Bash >= 3.0 because of the pipefail option
around try_trace (added on 2004-12-08). EGLIBC was patched in 2008 [2]
(r6912) to make the pipefail check run only on shells that support it,
but RTLD output would still be lost on other shells with certain SELinux
policies.
This patch rewrites try_trace to work on any POSIX-conformant shell in
such a way as to also work with such SELinux policies. It also obviates
one difference between glibc and EGLIBC.
URL: https://sourceware.org/ml/libc-alpha/2007-01/msg00041.html
URL: http://www.eglibc.org/archives/patches/msg00526.html
2013-09-11 P. J. McDermott <pj@pehjota.net>
[BZ #832]
* elf/ldd.bash.in (try_trace): More robustly and portably work around
SELinux terminal write permissions by using a command substitution
instead of a pipeline and pipefail option.
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | NEWS | 13 | ||||
-rw-r--r-- | elf/ldd.bash.in | 25 |
3 files changed, 24 insertions, 20 deletions
@@ -1,3 +1,9 @@ +2013-10-14 P. J. McDermott <pj@pehjota.net> + + [BZ #832] + * elf/ldd.bash.in (try_trace): New function. Delete previous code + testing pipefail option. + 2013-10-12 Joseph Myers <joseph@codesourcery.com> * soft-fp/double.h: Indent preprocessor directives inside #if. @@ -9,13 +9,12 @@ Version 2.19 * The following bugs are resolved with this release: - 156, 431, 13982, 13985, 14155, 14547, 14699, 14910, 15048, 15362, 15400, - 15427, 15522, 15531, 15532, 15608, 15609, 15610, 15632, 15640, 15680, - 15681, 15723, 15734, 15735, 15736, 15748, 15749, 15754, 15760, 15764, - 15797, 15844, 15847, 15849, 15855, 15856, 15857, 15859, 15867, 15886, - 15887, 15890, 15892, 15893, 15895, 15897, 15905, 15909, 15919, 15921, - 15887, 15890, 15892, 15893, 15895, 15897, 15905, 15909, 15919, 15921, - 15923, 15939, 15963, 15966, 15988, 16032, 16034, 16036. + 156, 431, 832, 13982, 13985, 14155, 14547, 14699, 14910, 15048, 15362, + 15400, 15427, 15522, 15531, 15532, 15608, 15609, 15610, 15632, 15640, + 15680, 15681, 15723, 15734, 15735, 15736, 15748, 15749, 15754, 15760, + 15764, 15797, 15844, 15847, 15849, 15855, 15856, 15857, 15859, 15867, + 15886, 15887, 15890, 15892, 15893, 15895, 15897, 15905, 15909, 15919, + 15921, 15923, 15939, 15963, 15966, 15988, 16032, 16034, 16036. * CVE-2012-4412 The strcoll implementation caches indices and rules for large collation sequences to optimize multiple passes. This cache diff --git a/elf/ldd.bash.in b/elf/ldd.bash.in index 39aeca2..c4a1a15 100644 --- a/elf/ldd.bash.in +++ b/elf/ldd.bash.in @@ -106,19 +106,18 @@ if test "$unused" = yes; then add_env="$add_env LD_DEBUG=\"$LD_DEBUG${LD_DEBUG:+,}unused\"" fi -# The following use of cat is needed to make ldd work in SELinux -# environments where the executed program might not have permissions -# to write to the console/tty. But only bash 3.x supports the pipefail -# option, and we don't bother to handle the case for older bash versions. -if set -o pipefail 2> /dev/null; then - try_trace() { - eval $add_env '"$@"' | cat - } -else - try_trace() { - eval $add_env '"$@"' - } -fi +# The following command substitution is needed to make ldd work in SELinux +# environments where the RTLD might not have permission to write to the +# terminal. The extra "x" character prevents the shell from trimming trailing +# newlines from command substitution results. This function is defined as a +# subshell compound list (using "(...)") to prevent parameter assignments from +# affecting the calling shell execution environment. +try_trace() ( + output=$(eval $add_env '"$@"' 2>&1; rc=$?; printf 'x'; exit $rc) + rc=$? + printf '%s' "${output%x}" + return $rc +) case $# in 0) |