This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH v4] Improve DST handling (Bug 23102, Bug 21942, Bug 18018, Bug, 23259, CVE-2011-0536 ).

On 06/08/2018 07:45 AM, Carlos O'Donell wrote:

+	      /* For SUID/GUID programs we normally ignore the path with
+		 a DST in DT_RUNPATH, or DT_RPATH.  However, there is
+		 one exception to this rule, and it is:
+
+		   * $ORIGIN appears first in the path element, and is
+		     the only thing in the element or is immediately
+		     followed by a path separator and the rest of the
+		     path.
+
+		   * The path element is rooted in a trusted directory.
+
+		 This exception allows such programs to reference
+		 shared libraries in subdirectories of trusted
+		 directories.  The use case is one of general
+		 organization and deployment flexibility.
+		 Trusted directories are usually such paths as "/lib64"
+		 or "/lib".  */
+	      if (__glibc_unlikely (__libc_enable_secure)
+		  && !((input == start + 1
+			|| (input > start + 1 && input[-2] == '\0'))
+		       && (input[len] == '\0' || input[len] == '/')))
+		repl = (const char *) -1;
The comment does not match the code: The code checks that $ORIGIN comes first in the *path*, not *path element* (hence the need for the start variable). I'm not sure what the right behavior is here. Going by path element seems more correct. 

(The begin variable doesn't seem to add much value, as you noted.)

Thanks,
Florian
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]