aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog26
-rw-r--r--db/makedb.c325
-rw-r--r--elf/Makefile5
-rw-r--r--elf/dl-load.c2
-rw-r--r--elf/dl-support.c3
-rw-r--r--elf/rtld.c49
-rw-r--r--posix/unistd.h8
-rw-r--r--sunrpc/rpc/auth.h5
-rw-r--r--sunrpc/rpc/auth_unix.h6
-rw-r--r--sunrpc/rpc/pmap_clnt.h5
-rw-r--r--sunrpc/rpc/pmap_rmt.h5
-rw-r--r--sunrpc/rpc/rpc_msg.h11
-rw-r--r--sysdeps/generic/dl-sysdep.c2
-rw-r--r--sysdeps/generic/enbl-secure.c34
-rw-r--r--sysdeps/mach/hurd/dl-sysdep.c2
15 files changed, 424 insertions, 64 deletions
diff --git a/ChangeLog b/ChangeLog
index ee3ebc5..2c67cff 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,29 @@
+Sat Jul 27 13:02:09 1996 Ulrich Drepper <drepper@cygnus.com>
+
+ * elf/rtld.c (dl_main): Ignore arguments when environment variable
+ LD_TRACE_LOADED_OBJECTS is set.
+
+Sun Jul 28 19:42:51 1996 Roland McGrath <roland@delasyd.gnu.ai.mit.edu>
+
+ * sysdeps/generic/dl-sysdep.c (_dl_sysdep_start): Initialize
+ __libc_enable_secure instead of _dl_secure.
+ * sysdeps/mach/hurd/dl-sysdep.c (_dl_sysdep_start): Likewise.
+ * elf/dl-load.c (_dl_map_object): Check __libc_enable_secure instead
+ of _dl_secure.
+ * elf/Makefile (routines): Add enbl-secure.
+ (elide-routines.so): Here too.
+ * sysdeps/generic/enbl-secure.c: New file.
+ * posix/unistd.h [__USE_GNU]: Declare `__libc_enable_secure' flag.
+ * elf/dl-support.c (_dl_secure): Variable removed.
+ * elf/rtld.c: Likewise. Replace all uses with __libc_enable_secure.
+
+Sun Jul 28 19:26:40 1996 David S. Miller <dm@neteng.engr.sgi.com>
+
+ * sysdeps/mips/dl-machine.h (ELF_MACHINE_RUNTIME_TRAMPOLINE):
+ Declare _dl_runtime_resolve with __attribute__ ((unused)) so the
+ compiler doesn't elide it.
+ (elf_machine_rel): Follow Jul 14 change in sysdeps/i386/dl-machine.h.
+
Sat Jul 27 02:58:49 1996 Roland McGrath <roland@delasyd.gnu.ai.mit.edu>
* elf/rtld.c (dl_main): Take new option --verify when run directly.
diff --git a/db/makedb.c b/db/makedb.c
new file mode 100644
index 0000000..b1ed982
--- /dev/null
+++ b/db/makedb.c
@@ -0,0 +1,325 @@
+/* makedb -- create simple DB database from textual input.
+Copyright (C) 1996 Free Software Foundation, Inc.
+This file is part of the GNU C Library.
+Contributed by Ulrich Drepper <drepper@cygnus.com>, 1996.
+
+The GNU C Library is free software; you can redistribute it and/or
+modify it under the terms of the GNU Library General Public License as
+published by the Free Software Foundation; either version 2 of the
+License, or (at your option) any later version.
+
+The GNU C Library is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+Library General Public License for more details.
+
+You should have received a copy of the GNU Library General Public
+License along with the GNU C Library; see the file COPYING.LIB. If
+not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+Boston, MA 02111-1307, USA. */
+
+#include <db.h>
+#include <ctype.h>
+#include <errno.h>
+#include <error.h>
+#include <fcntl.h>
+#include <getopt.h>
+#include <libintl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+/* Get libc version number. */
+#include "../version.h"
+
+
+/* Long options. */
+static const struct option long_options[] =
+{
+ { "help", no_argument, NULL, 'h' },
+ { "fold-case", no_argument, NULL, 'f' },
+ { "output", required_argument, NULL, 'o' },
+ { "undo", no_argument, NULL, 'u' },
+ { "version", no_argument, NULL, 'V' },
+ { NULL, }
+};
+
+/* Prototypes for local functions. */
+static void usage __P ((int status)) __attribute__ ((noreturn));
+static int process_input __P ((FILE *input, const char *inname, DB *output,
+ int to_lowercase));
+static int print_database __P ((DB *db));
+
+
+int
+main (argc, argv)
+ int argc;
+ char *argv[];
+{
+ const char *output_name;
+ const char *input_name;
+ FILE *input_file;
+ DB *db_file;
+ int do_help;
+ int do_version;
+ int to_lowercase;
+ int do_undo;
+ int status;
+ int opt;
+
+ /* Set locale via LC_ALL. */
+ setlocale (LC_ALL, "");
+
+ /* Set the text message domain. */
+ textdomain (_libc_intl_domainname);
+
+ /* Initialize local variables. */
+ do_help = 0;
+ do_version = 0;
+ to_lowercase = 0;
+ do_undo = 0;
+ output_name = NULL;
+
+ while ((opt = getopt_long (argc, argv, "fho:uV", long_options, NULL)) != EOF)
+ switch (opt)
+ {
+ case '\0': /* Long option. */
+ break;
+ case 'h':
+ do_help = 1;
+ break;
+ case 'f':
+ to_lowercase = 1;
+ break;
+ case 'o':
+ output_name = optarg;
+ break;
+ case 'u':
+ do_undo = 1;
+ break;
+ case 'V':
+ do_version = 1;
+ break;
+ default:
+ usage (EXIT_FAILURE);
+ }
+
+ /* Version information is requested. */
+ if (do_version)
+ printf ("%s - GNU %s %s\n", program_invocation_name, "libc", VERSION);
+
+ /* Help is requested. */
+ if (do_help)
+ usage (EXIT_SUCCESS);
+ else if (do_version)
+ exit (EXIT_SUCCESS);
+
+ /* Determine file names. */
+ if (do_undo || output_name != NULL)
+ {
+ if (optind + 1 != argc)
+ {
+ wrong_arguments:
+ error (0, 0, gettext ("wrong number of arguments"));
+ usage (EXIT_FAILURE);
+ }
+ input_name = argv[optind];
+ }
+ else
+ {
+ if (optind + 2 != argc)
+ goto wrong_arguments;
+
+ input_name = argv[optind++];
+ output_name = argv[optind];
+ }
+
+ /* Special handling if we are asked to print the database. */
+ if (do_undo)
+ {
+ db_file = dbopen (input_name, O_RDONLY, 0666, DB_BTREE, NULL);
+ if (db_file == NULL)
+ error (EXIT_FAILURE, 0, gettext ("cannot open database file `%s': %s"),
+ input_name,
+ errno == EFTYPE ? gettext ("incorrectly formatted file")
+ : strerror (errno));
+
+ status = print_database (db_file);
+
+ db_file->close (db_file);
+
+ return status;
+ }
+
+ /* Open input file. */
+ if (strcmp (input_name, "-") == 0 || strcmp (input_name, "/dev/stdin") == 0)
+ input_file = stdin;
+ else
+ {
+ input_file = fopen (input_name, "r");
+ if (input_file == NULL)
+ error (EXIT_FAILURE, errno, gettext ("cannot open input file `%s'"),
+ input_name);
+ }
+
+ /* Open output file. This must not be standard output so we don't
+ handle "-" and "/dev/stdout" special. */
+ db_file = dbopen (output_name, O_CREAT | O_RDWR | O_TRUNC, 0666,
+ DB_BTREE, NULL);
+ if (db_file == NULL)
+ error (EXIT_FAILURE, errno, gettext ("cannot open output file `%s'"));
+
+ /* Start the real work. */
+ status = process_input (input_file, input_name, db_file, to_lowercase);
+
+ /* Close files. */
+ if (input_file != stdin)
+ fclose (input_file);
+ db_file->close (db_file);
+
+ return status;
+}
+
+
+static void
+usage (status)
+ int status;
+{
+ if (status != EXIT_SUCCESS)
+ fprintf (stderr, gettext ("Try `%s --help' for more information.\n"),
+ program_invocation_name);
+ else
+ printf (gettext ("\
+Usage: %s [OPTION]... INPUT-FILE OUTPUT-FILE\n\
+ %s [OPTION]... -o OUTPUT-FILE INPUT-FILE\n\
+ %s [OPTION]... -u INPUT-FILE\n\
+Mandatory arguments to long options are mandatory for short options too.\n\
+ -f, --fold-case convert key to lower case\n\
+ -h, --help display this help and exit\n\
+ -o, --output=NAME write output to file NAME\n\
+ -u, --undo print content of database file, one entry a line\n\
+ -V, --version output version information and exit\n\
+If INPUT-FILE is -, input is read from standard input.\n"),
+ program_invocation_name, program_invocation_name,
+ program_invocation_name);
+
+ exit (status);
+}
+
+
+static int
+process_input (input, inname, output, to_lowercase)
+ FILE *input;
+ const char *inname;
+ DB *output;
+ int to_lowercase;
+{
+ char *line;
+ size_t linelen;
+ int status;
+ size_t linenr;
+
+ line = NULL;
+ linelen = 0;
+ status = EXIT_SUCCESS;
+ linenr = 0;
+
+ while (!feof (input))
+ {
+ DBT key;
+ DBT val;
+ char *cp;
+ int n;
+
+ n = getline (&line, &linelen, input);
+ if (n < 0)
+ /* This means end of file or some bug. */
+ break;
+ if (n == 0)
+ /* Short read. Probably interrupted system call. */
+ continue;
+
+ ++linenr;
+
+ if (line[n - 1] == '\n')
+ /* Remove trailing newline. */
+ line[--n] = '\0';
+
+ cp = line;
+ while (isspace (*cp))
+ ++cp;
+
+ if (*cp == '#')
+ /* First non-space character in line '#': it's a comment. */
+ continue;
+
+ key.data = cp;
+ while (*cp != '\0' && !isspace (*cp))
+ {
+ if (to_lowercase)
+ *cp = tolower (*cp);
+ ++cp;
+ }
+
+ if (key.data == cp)
+ /* It's an empty line. */
+ continue;
+
+ key.size = cp - (char *) key.data;
+
+ while (isspace (*cp))
+ ++cp;
+
+ val.data = cp;
+ val.size = &line[n] - cp;
+
+ /* Store the value. */
+ status = output->put (output, &key, &val, R_NOOVERWRITE);
+ if (status != 0)
+ {
+ if (status == 1)
+ error_at_line (0, 0, inname, linenr, gettext ("duplicate key"));
+ else
+ error (0, errno, gettext ("while writing data base file"));
+
+ status = EXIT_FAILURE;
+ clearerr (input);
+ break;
+ }
+ }
+
+ if (ferror (input))
+ {
+ error (0, 0, gettext ("problems while reading `%s'"));
+ status = EXIT_FAILURE;
+ }
+
+ return status;
+}
+
+
+static int
+print_database (db)
+ DB *db;
+{
+ DBT key;
+ DBT val;
+ int no_more;
+
+ no_more = db->seq (db, &key, &val, R_FIRST);
+ while (!no_more)
+ {
+ printf ("%.*s %.*s\n", (int) key.size, (char *) key.data, (int) val.size,
+ (char *) val.data);
+
+ no_more = db->seq (db, &key, &val, R_NEXT);
+ }
+
+ if (no_more == -1)
+ {
+ error (0, errno, gettext ("while reading database"));
+ return EXIT_FAILURE;
+ }
+
+ return EXIT_SUCCESS;
+}
diff --git a/elf/Makefile b/elf/Makefile
index 44c510a..a19a8b4 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -21,14 +21,15 @@
subdir := elf
headers = elf.h elfclass.h link.h dlfcn.h
-routines = $(dl-routines) dl-open dl-close dl-symbol dl-support
+routines = $(dl-routines) dl-open dl-close dl-symbol dl-support \
+ enbl-secure
# The core dynamic linking functions are in libc for the static and
# profiled libraries.
dl-routines = $(addprefix dl-,load cache lookup object reloc deps \
runtime error init fini debug)
# But they are absent from the shared libc, because that code is in ld.so.
-elide-routines.so = $(dl-routines) dl-support
+elide-routines.so = $(dl-routines) dl-support enbl-secure
# ld.so uses those routines, plus some special stuff for being the program
# interpreter and operating independent of libc.
diff --git a/elf/dl-load.c b/elf/dl-load.c
index fc27332..8ccc838 100644
--- a/elf/dl-load.c
+++ b/elf/dl-load.c
@@ -511,7 +511,7 @@ _dl_map_object (struct link_map *loader, const char *name, int type)
l->l_info[DT_STRTAB]->d_un.d_ptr +
l->l_info[DT_RPATH]->d_un.d_val));
/* Try an environment variable (unless setuid). */
- if (fd == -1 && ! _dl_secure)
+ if (fd == -1 && ! __libc_enable_secure)
trypath (getenv ("LD_LIBRARY_PATH"));
if (fd == -1)
{
diff --git a/elf/dl-support.c b/elf/dl-support.c
index b85d470..50ebfbf 100644
--- a/elf/dl-support.c
+++ b/elf/dl-support.c
@@ -24,8 +24,6 @@ Cambridge, MA 02139, USA. */
/* This file defines some things that for the dynamic linker are defined in
rtld.c and dl-sysdep.c in ways appropriate to bootstrap dynamic linking. */
-int _dl_secure; /* Always honor LD_LIBRARY_PATH. */
-
extern char *__progname;
char **_dl_argv = &__progname; /* This is checked for some error messages. */
@@ -48,4 +46,3 @@ _dl_sysdep_fatal (void)
{
assert (! "_dl_sysdep_fatal called");
}
-
diff --git a/elf/rtld.c b/elf/rtld.c
index 35a94b2..3657efd 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -30,7 +30,7 @@ Cambridge, MA 02139, USA. */
/* System-specific function to do initial startup for the dynamic linker.
After this, file access calls and getenv must work. This is responsible
- for setting _dl_secure if we need to be secure (e.g. setuid),
+ for setting __libc_enable_secure if we need to be secure (e.g. setuid),
and for setting _dl_argc and _dl_argv, and then calling _dl_main. */
extern ElfW(Addr) _dl_sysdep_start (void **start_argptr,
void (*dl_main) (const ElfW(Phdr) *phdr,
@@ -38,7 +38,6 @@ extern ElfW(Addr) _dl_sysdep_start (void **start_argptr,
ElfW(Addr) *user_entry));
extern void _dl_sysdep_start_cleanup (void);
-int _dl_secure;
int _dl_argc;
char **_dl_argv;
const char *_dl_rpath;
@@ -269,7 +268,7 @@ of this helper program; chances are you did not intend to run this program.\n",
preloads = NULL;
npreloads = 0;
- if (! _dl_secure)
+ if (! __libc_enable_secure)
{
const char *preloadlist = getenv ("LD_PRELOAD");
if (preloadlist)
@@ -340,10 +339,7 @@ of this helper program; chances are you did not intend to run this program.\n",
}
}
- if (mode == normal && getenv ("LD_TRACE_LOADED_OBJECTS") != NULL)
- mode = list;
-
- if (mode != normal)
+ if (mode != normal || getenv ("LD_TRACE_LOADED_OBJECTS") != NULL)
{
/* We were run just to list the shared libraries. It is
important that we do this before real relocation, because the
@@ -366,29 +362,30 @@ of this helper program; chances are you did not intend to run this program.\n",
" (0x", bp, ")\n", NULL);
}
- for (i = 1; i < _dl_argc; ++i)
- {
- const ElfW(Sym) *ref = NULL;
- ElfW(Addr) loadbase = _dl_lookup_symbol (_dl_argv[i], &ref,
- &_dl_default_scope[2],
- "argument", 0, 0);
- char buf[20], *bp;
- buf[sizeof buf - 1] = '\0';
- bp = _itoa (ref->st_value, &buf[sizeof buf - 1], 16, 0);
- while (&buf[sizeof buf - 1] - bp < sizeof loadbase * 2)
- *--bp = '0';
- _dl_sysdep_message (_dl_argv[i], " found at 0x", bp, NULL);
- buf[sizeof buf - 1] = '\0';
- bp = _itoa (loadbase, &buf[sizeof buf - 1], 16, 0);
- while (&buf[sizeof buf - 1] - bp < sizeof loadbase * 2)
- *--bp = '0';
- _dl_sysdep_message (" in object at 0x", bp, "\n", NULL);
- }
+ if (mode != normal)
+ for (i = 1; i < _dl_argc; ++i)
+ {
+ const ElfW(Sym) *ref = NULL;
+ ElfW(Addr) loadbase = _dl_lookup_symbol (_dl_argv[i], &ref,
+ &_dl_default_scope[2],
+ "argument", 0, 0);
+ char buf[20], *bp;
+ buf[sizeof buf - 1] = '\0';
+ bp = _itoa (ref->st_value, &buf[sizeof buf - 1], 16, 0);
+ while (&buf[sizeof buf - 1] - bp < sizeof loadbase * 2)
+ *--bp = '0';
+ _dl_sysdep_message (_dl_argv[i], " found at 0x", bp, NULL);
+ buf[sizeof buf - 1] = '\0';
+ bp = _itoa (loadbase, &buf[sizeof buf - 1], 16, 0);
+ while (&buf[sizeof buf - 1] - bp < sizeof loadbase * 2)
+ *--bp = '0';
+ _dl_sysdep_message (" in object at 0x", bp, "\n", NULL);
+ }
_exit (0);
}
- lazy = !_dl_secure && *(getenv ("LD_BIND_NOW") ?: "") == '\0';
+ lazy = !__libc_enable_secure && *(getenv ("LD_BIND_NOW") ?: "") == '\0';
{
/* Now we have all the objects loaded. Relocate them all except for
diff --git a/posix/unistd.h b/posix/unistd.h
index 1247728..424cedd 100644
--- a/posix/unistd.h
+++ b/posix/unistd.h
@@ -776,6 +776,14 @@ extern int lockf __P ((int __fd, int __cmd, __off_t __len));
while (__result == -1L && errno == EINTR); \
__result; })) \
+
+/* This variable is set nonzero at startup if the process's effective IDs
+ differ from its real IDs, or it is otherwise indicated that extra
+ security should be used. When this is set the dynamic linker ignores
+ the various environment variables that normally affect it. */
+
+extern int __libc_enable_secure;
+
#endif
#ifdef __USE_POSIX
diff --git a/sunrpc/rpc/auth.h b/sunrpc/rpc/auth.h
index 0e7e2a1..a40bddd 100644
--- a/sunrpc/rpc/auth.h
+++ b/sunrpc/rpc/auth.h
@@ -87,11 +87,6 @@ struct opaque_auth {
u_int oa_length; /* not to exceed MAX_AUTH_BYTES */
};
-#ifndef _RPC_AUTH_H
-
-#define _RPC_AUTH_H 1
-#include <features.h>
-
/*
* Auth handle, interface to client side authenticators.
*/
diff --git a/sunrpc/rpc/auth_unix.h b/sunrpc/rpc/auth_unix.h
index 19b891c..3fb7118 100644
--- a/sunrpc/rpc/auth_unix.h
+++ b/sunrpc/rpc/auth_unix.h
@@ -49,12 +49,6 @@
__BEGIN_DECLS
-#ifndef _RPC_AUTH_UNIX_H
-
-#define _RPC_AUTH_UNIX_H 1
-#include <features.h>
-
-
/* The machine name is part of a credential; it may not exceed 255 bytes */
#define MAX_MACHINE_NAME 255
diff --git a/sunrpc/rpc/pmap_clnt.h b/sunrpc/rpc/pmap_clnt.h
index 95f0749..3acfa59 100644
--- a/sunrpc/rpc/pmap_clnt.h
+++ b/sunrpc/rpc/pmap_clnt.h
@@ -40,11 +40,6 @@
* Copyright (C) 1984, Sun Microsystems, Inc.
*/
-#ifndef _RPC_PMAP_CLNT_H
-
-#define _RPC_PMAP_CLNT_H 1
-#include <features.h>
-
__BEGIN_DECLS
typedef bool_t (*resultproc_t)();
diff --git a/sunrpc/rpc/pmap_rmt.h b/sunrpc/rpc/pmap_rmt.h
index 15822ef..f5d4af1 100644
--- a/sunrpc/rpc/pmap_rmt.h
+++ b/sunrpc/rpc/pmap_rmt.h
@@ -47,10 +47,7 @@ struct rmtcallargs {
xdrproc_t xdr_args;
};
-bool_t xdr_rmtcallres __P ((XDR *__xdrs, struct rmtcallres *__crp));
-
-
-#endif /* rpc/pmap_rmt.h */
+bool_t xdr_rmtcall_args __P ((XDR *__xdrs, struct rmtcallargs *__crp));
struct rmtcallres {
u_long *port_ptr;
diff --git a/sunrpc/rpc/rpc_msg.h b/sunrpc/rpc/rpc_msg.h
index 533ec92..9c37a4e 100644
--- a/sunrpc/rpc/rpc_msg.h
+++ b/sunrpc/rpc/rpc_msg.h
@@ -42,12 +42,6 @@
#include <features.h>
-#ifndef _RPC_RPC_MSG_H
-
-#define _RPC_RPC_MSG_H 1
-#include <features.h>
-
-
#define RPC_MSG_VERSION ((u_long) 2)
#define RPC_SERVICE_PORT ((u_short) 2048)
@@ -55,7 +49,7 @@ __BEGIN_DECLS
/*
* Bottom up definition of an rpc message.
- * NOTE: call and reply use the same overall stuct but
+ * NOTE: call and reply use the same overall struct but
* different parts of unions within it.
*/
@@ -201,9 +195,6 @@ extern bool_t xdr_replymsg __P ((XDR *__xdrs, struct rpc_msg *__rmsg));
extern void _seterr_reply __P ((struct rpc_msg *__msg,
struct rpc_err *__error));
-#endif /* rpc/rpc_msg.h */
- struct rpc_err *__error));
-
__END_DECLS
#endif /* rpc/rpc_msg.h */
diff --git a/sysdeps/generic/dl-sysdep.c b/sysdeps/generic/dl-sysdep.c
index 87eac71..a4b8639 100644
--- a/sysdeps/generic/dl-sysdep.c
+++ b/sysdeps/generic/dl-sysdep.c
@@ -96,7 +96,7 @@ _dl_sysdep_start (void **start_argptr,
SEE (EGID, egid);
- _dl_secure = uid != euid || gid != egid;
+ __libc_enable_secure = uid != euid || gid != egid;
#ifdef DL_SYSDEP_INIT
DL_SYSDEP_INIT;
diff --git a/sysdeps/generic/enbl-secure.c b/sysdeps/generic/enbl-secure.c
new file mode 100644
index 0000000..b7530a8
--- /dev/null
+++ b/sysdeps/generic/enbl-secure.c
@@ -0,0 +1,34 @@
+/* Define and initialize the `__libc_enable_secure' flag. Generic version.
+Copyright (C) 1996 Free Software Foundation, Inc.
+This file is part of the GNU C Library.
+
+The GNU C Library is free software; you can redistribute it and/or
+modify it under the terms of the GNU Library General Public License as
+published by the Free Software Foundation; either version 2 of the
+License, or (at your option) any later version.
+
+The GNU C Library is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+Library General Public License for more details.
+
+You should have received a copy of the GNU Library General Public
+License along with the GNU C Library; see the file COPYING.LIB. If
+not, write to the Free Software Foundation, Inc., 675 Mass Ave,
+Cambridge, MA 02139, USA. */
+
+/* This file is used in the static libc. For the shared library,
+ dl-sysdep.c defines and initializes __libc_enable_secure. */
+
+#include <unistd.h>
+
+
+/* Safest assumption, if somehow the initializer isn't run. */
+int __libc_enable_secure = 1;
+
+static void __attribute__ ((unused, constructor))
+init_secure (void)
+{
+ __libc_enable_secure = (__geteuid () != __getuid () ||
+ __getegid () != __getgid ());
+}
diff --git a/sysdeps/mach/hurd/dl-sysdep.c b/sysdeps/mach/hurd/dl-sysdep.c
index ee2bf73..be0417c 100644
--- a/sysdeps/mach/hurd/dl-sysdep.c
+++ b/sysdeps/mach/hurd/dl-sysdep.c
@@ -107,7 +107,7 @@ _dl_sysdep_start (void **start_argptr,
else
_dl_hurd_data = (void *) p;
- _dl_secure = _dl_hurd_data->flags & EXEC_SECURE;
+ __libc_enable_secure = _dl_hurd_data->flags & EXEC_SECURE;
if (_dl_hurd_data->flags & EXEC_STACK_ARGS &&
_dl_hurd_data->user_entry == 0)