This is the mail archive of the libc-help@sourceware.org mailing list for the glibc project.



Re: Constructor of external lib called too early


On 07/29/2013 03:16 PM, Siddhesh Poyarekar wrote:

The constructors are usually called like this from the linker:

   if (l->l_info[DT_INIT] != NULL)
     {
       init_t init = (init_t) DL_DT_INIT_ADDRESS
         (l, l->l_addr + l->l_info[DT_INIT]->d_un.d_ptr);

       /* Call the function.  */
       init (argc, argv, env);
     }

So if your constructor accepts argc, argv and envp, you might be able
to get the environment from its argument.  This is a NULL-terminated
array, so you will have to do your own traversal and matching.  I
don't know if this is documented anywhere, so I don't know if it is
the canonical way to do this.

You also have to make sure you don't traverse the environment if the
executed binary is suid.

Will getauxval(AT_SECURE) work at this point? Is there some other way to access the auxiliary vector (besides parsing /proc)?

--
Florian Weimer / Red Hat Product Security Team
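
A constructor along the lines discussed in this thread, as an added example that is not code from the thread or from glibc: it takes envp from the constructor arguments, does its own traversal of the NULL-terminated array, and skips the environment when AT_SECURE is set. The names mylib_init, mylib_config, mylib_get_config, env_lookup, env_lookup_checked and MYLIB_CONFIG are hypothetical, and the example assumes getauxval(AT_SECURE) returns a usable value at constructor time, which is the question the message above leaves open.

```c
#include <stddef.h>
#include <string.h>
#include <sys/auxv.h>   /* getauxval, AT_SECURE (glibc >= 2.16) */

/* Walk a NULL-terminated "NAME=value" array; return the value or NULL. */
static const char *env_lookup(char *const *envp, const char *name)
{
    size_t n = strlen(name);

    if (envp == NULL || n == 0)
        return NULL;
    for (; *envp != NULL; envp++) {
        /* Require "NAME=" so that NAME does not match NAME_SUFFIX=... */
        if (strncmp(*envp, name, n) == 0 && (*envp)[n] == '=')
            return *envp + n + 1;
    }
    return NULL;
}

/* Refuse to consult the environment when the process is in secure mode
   (AT_SECURE non-zero, e.g. a setuid or setgid executable). */
static const char *env_lookup_checked(char *const *envp, const char *name,
                                      unsigned long at_secure)
{
    if (at_secure != 0)
        return NULL;
    return env_lookup(envp, name);
}

static const char *mylib_config;   /* hypothetical setting, filled at load */

#ifdef __GLIBC__
/* glibc's loader calls init (argc, argv, env), as quoted in the thread.
   Other C libraries may not pass these arguments, hence the guard. */
__attribute__((constructor))
static void mylib_init(int argc, char **argv, char **envp)
{
    (void) argc;
    (void) argv;
    /* MYLIB_CONFIG is a made-up variable name for this example. */
    mylib_config = env_lookup_checked(envp, "MYLIB_CONFIG",
                                      getauxval(AT_SECURE));
}
#endif

/* Accessor for the rest of the (hypothetical) library. */
const char *mylib_get_config(void) { return mylib_config; }
```
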

