2001-01-08 Ulrich Drepper <drepper@redhat.com>
* elf/rtld.c (process_envvars): Place output files for profiling
in SUID binaries in /var/profile.
* elf/dl-load.c (_dl_map_object): Don't look in cache for
preloading in SUID binaries.
* elf/dl-profile.c (_dl_start_profile): Open the output file with
O_NOFOLLOW if possible.
* sysdeps/generic/segfault.c (install_handler): Check output file
name with access().
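--- libc/elf/rtld.c 2000/03/15 05:42:01 1.148.2.7
+++ libc/elf/rtld.c 2001/01/10 07:45:19
@@ -1273,7 +1273,7 @@
 char *debug_output = NULL;
 
 /* This is the default place for profiling data file. */
- _dl_profile_output = "/var/tmp";
+ _dl_profile_output = __libc_enable_secure ? "/var/profile" : "/var/tmp";
 
 while ((envline = _dl_next_ld_env_entry (&runp)) != NULL)
 {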
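Review bot: The comment above the assignment still says only "default place" and gives no reason for the secure-mode split, so the property this line relies on is undocumented: `/var/profile` is safer than `/var/tmp` only if it is root-owned and not writable by ordinary users. I would extend the comment to `/* Default directory for profiling data; SUID/SGID programs use /var/profile, which must not be writable by unprivileged users. */`. The hunk also does not show whether a later `LD_PROFILE_OUTPUT` entry in the loop that follows can replace this default when `__libc_enable_secure` is set; that should be confirmed, since process_envvars continues outside the hunk.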
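--- libc/elf/dl-load.c 1999/11/20 02:26:38 1.103.2.5
+++ libc/elf/dl-load.c 2001/01/10 07:45:20
@@ -1338,7 +1338,7 @@
 if (fd == -1 && env_path_list != NULL)
 fd = open_path (name, namelen, preloaded, env_path_list, &realname);
 
- if (fd == -1)
+ if (fd == -1 && (! preloaded || ! __libc_enable_secure))
 {
 /* Check the list of libraries in the file /etc/ld.so.cache,
 for compatibility with Linux's ldconfig program. */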
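Review bot: The new condition `! preloaded || ! __libc_enable_secure` carries no comment, and the existing comment inside the block still describes only the ld.so.cache lookup. A reader cannot tell that the cache is skipped on purpose for preloaded objects in SUID/SGID programs; a line such as `/* Preloaded objects in secure mode must not be resolved through the cache. */` before the `if` would record that. What the lookup falls back to when this branch is skipped lies after the hunk, so whether a secure-mode preload can still be found in the default directories cannot be judged from here.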
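--- libc/elf/dl-profile.c 1998/06/07 13:35:48 1.14
+++ libc/elf/dl-profile.c 2001/01/10 07:45:21
@@ -263,7 +263,12 @@
 *cp++ = '/';
 __stpcpy (__stpcpy (cp, _dl_profile), ".profile");
 
- fd = __open (filename, O_RDWR | O_CREAT, 0666);
+#ifdef O_NOFOLLOW
+# define EXTRA_FLAGS | O_NOFOLLOW
+#else
+# define EXTRA_FLAGS
+#endif
+ fd = __open (filename, O_RDWR | O_CREAT EXTRA_FLAGS, 0666);
 if (fd == -1)
 {
 /* We cannot write the profiling data so don't do anything. */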
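Review bot: When `O_NOFOLLOW` is not defined, `EXTRA_FLAGS` expands to nothing and the `__open` call follows a symlink at `filename` exactly as before, with nothing to show that the protection is missing on that platform. Even where the flag exists it covers only the last path component, and because `O_CREAT` is used without `O_EXCL` an already existing file is opened as it is; unless the code after the hunk already does so, an fstat on `fd` that rejects anything other than a regular file would close part of that gap. The macro also hides a `|` operator and is defined in the middle of the function without an `#undef`; a complete flags constant such as `# define PROFILE_OPEN_FLAGS (O_RDWR | O_CREAT | O_NOFOLLOW)` with a plain `(O_RDWR | O_CREAT)` fallback reads more clearly.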
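--- libc/sysdeps/generic/segfault.c 2000/03/21 04:53:40 1.10.2.2
+++ libc/sysdeps/generic/segfault.c 2001/01/10 07:45:22
@@ -236,6 +236,7 @@
 
 /* Preserve the output file name if there is any given. */
 name = getenv ("SEGFAULT_OUTPUT_NAME");
- if (name != NULL && name[0] != '\0')
+ if (name != NULL && name[0] != '\0'
+ && (!__libc_enable_secure || access (name, R_OK | W_OK) == 0))
 fname = __strdup (name);
 }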
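Review bot: The `access (name, R_OK | W_OK)` test in the added condition is a check-then-use on a path name: the file is opened later, outside this hunk, and the name can refer to a different file by the time that open happens. access() tests the real user ID, which is the right identity here, but only the open itself can enforce it; the robust form applies the restriction at open time, for example by opening with `O_NOFOLLOW` and validating the descriptor with fstat, or by opening while the effective IDs are set to the real ones. The check also fails for a file that does not exist yet, so in secure mode the name is honoured only for pre-existing files; if that is intended it deserves a comment such as `/* In secure mode accept only an existing file the real user may read and write. */`.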
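--- libc/sysdeps/unix/sysv/linux/i386/dl-librecon.h.jj Wed Feb 24 23:01:58 1999
+++ libc/sysdeps/unix/sysv/linux/i386/dl-librecon.h Mon Jan 15 04:30:57 2001
@@ -49,13 +49,17 @@
 /* Recognizing extra environment variables. */
 #define EXTRA_LD_ENVVARS \
 case 15: \
- if (memcmp (&envline[3], "LIBRARY_VERSION", 15) == 0) \
+ if (!__libc_enable_secure \
+ && memcmp (&envline[3], "LIBRARY_VERSION", 15) == 0) \
 { \
 _dl_correct_cache_id = envline[19] == '5' ? 2 : 3; \
 break; \
 }
 
 /* Extra unsecure variables. */
-#define EXTRA_UNSECURE_ENVVARS "LD_AOUT_LIBRARY_PATH", "LD_AOUT_PRELOAD"
+#define EXTRA_UNSECURE_ENVVARS \
+ "LD_AOUT_LIBRARY_PATH", \
+ "LD_AOUT_PRELOAD", \
+ "LD_LIBRARY_VERSION"
 
 #endif /* dl-librecon.h */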
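Review bot: `LD_LIBRARY_VERSION` is now handled in two places, the `!__libc_enable_secure` test inside `EXTRA_LD_ENVVARS` and the new entry in `EXTRA_UNSECURE_ENVVARS`, and neither says why both are needed. Extending the comment above `EXTRA_LD_ENVVARS` to something like `/* Recognizing extra environment variables.  LD_LIBRARY_VERSION selects the cache id and is ignored in SUID/SGID programs. */` would keep a later cleanup from dropping one of the two as redundant. When the test fails the macro ends without a `break`, so control passes to whatever follows the macro at its expansion site, which is not visible here and should be checked to be harmless for this case.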