This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

GNU C Library master sources branch master updated. glibc-2.26.9000-1021-g10e93d9

From: ldv at sourceware dot org
To: glibc-cvs at sourceware dot org
Date: 19 Dec 2017 22:27:18 -0000
Subject: GNU C Library master sources branch master updated. glibc-2.26.9000-1021-g10e93d9

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  10e93d968716ab82931d593bada121c17c0a4b93 (commit)
      from  ce16eb52c0987fd94bc13d51ddc787134a7e4b0c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=10e93d968716ab82931d593bada121c17c0a4b93

commit 10e93d968716ab82931d593bada121c17c0a4b93
Author: Dmitry V. Levin <ldv@altlinux.org>
Date:   Mon Dec 18 21:46:07 2017 +0000

    elf: remove redundant __libc_enable_secure check from fillin_rpath
    
    There are just two users of fillin_rpath: one is decompose_rpath that
    sets check_trusted argument to 0, another one is _dl_init_paths that
    sets check_trusted argument to __libc_enable_secure and invokes
    fillin_rpath only when LD_LIBRARY_PATH is non-empty.
    
    Starting with commit
    glibc-2.25.90-512-gf6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d,
    LD_LIBRARY_PATH is ignored for __libc_enable_secure executables,
    so check_trusted argument of fillin_rpath is always zero.
    
    * elf/dl-load.c (is_trusted_path): Remove.
    (fillin_rpath): Remove check_trusted argument and its use,
    all callers changed.

diff --git a/ChangeLog b/ChangeLog
index 41ca4d2..e40a977 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2017-12-19  Dmitry V. Levin  <ldv@altlinux.org>
+
+	* elf/dl-load.c (is_trusted_path): Remove.
+	(fillin_rpath): Remove check_trusted argument and its use,
+	all callers changed.
+
 2017-12-19  H.J. Lu  <hongjiu.lu@intel.com>
 
 	[BZ #22630]
diff --git a/elf/dl-load.c b/elf/dl-load.c
index e7d97dc..2964464 100644
--- a/elf/dl-load.c
+++ b/elf/dl-load.c
@@ -117,24 +117,6 @@ static const size_t system_dirs_len[] =
 #define nsystem_dirs_len array_length (system_dirs_len)
 
 static bool
-is_trusted_path (const char *path, size_t len)
-{
-  const char *trun = system_dirs;
-
-  for (size_t idx = 0; idx < nsystem_dirs_len; ++idx)
-    {
-      if (len == system_dirs_len[idx] && memcmp (trun, path, len) == 0)
-	/* Found it.  */
-	return true;
-
-      trun += system_dirs_len[idx] + 1;
-    }
-
-  return false;
-}
-
-
-static bool
 is_trusted_path_normalize (const char *path, size_t len)
 {
   if (len == 0)
@@ -428,8 +410,7 @@ static size_t max_dirnamelen;
 
 static struct r_search_path_elem **
 fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep,
-	      int check_trusted, const char *what, const char *where,
-	      struct link_map *l)
+	      const char *what, const char *where, struct link_map *l)
 {
   char *cp;
   size_t nelems = 0;
@@ -459,13 +440,6 @@ fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep,
       if (len > 0 && cp[len - 1] != '/')
 	cp[len++] = '/';
 
-      /* Make sure we don't use untrusted directories if we run SUID.  */
-      if (__glibc_unlikely (check_trusted) && !is_trusted_path (cp, len))
-	{
-	  free (to_free);
-	  continue;
-	}
-
       /* See if this directory is already known.  */
       for (dirp = GL(dl_all_dirs); dirp != NULL; dirp = dirp->next)
 	if (dirp->dirnamelen == len && memcmp (cp, dirp->dirname, len) == 0)
@@ -614,7 +588,7 @@ decompose_rpath (struct r_search_path_struct *sps,
       _dl_signal_error (ENOMEM, NULL, NULL, errstring);
     }
 
-  fillin_rpath (copy, result, ":", 0, what, where, l);
+  fillin_rpath (copy, result, ":", what, where, l);
 
   /* Free the copied RPATH string.  `fillin_rpath' make own copies if
      necessary.  */
@@ -791,8 +765,7 @@ _dl_init_paths (const char *llp)
 	}
 
       (void) fillin_rpath (llp_tmp, env_path_list.dirs, ":;",
-			   __libc_enable_secure, "LD_LIBRARY_PATH",
-			   NULL, l);
+			   "LD_LIBRARY_PATH", NULL, l);
 
       if (env_path_list.dirs[0] == NULL)
 	{

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog     |    6 ++++++
 elf/dl-load.c |   33 +++------------------------------
 2 files changed, 9 insertions(+), 30 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]