This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
| Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
|---|---|---|
| Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
| Other format: | [Raw text] | |
On 2017-12-19 01:41, Dmitry V. Levin wrote:
> There are just two users of fillin_rpath: one is decompose_rpath that
> sets check_trusted argument to 0, another one is _dl_init_paths that
> sets check_trusted argument to __libc_enable_secure and invokes
> fillin_rpath only when LD_LIBRARY_PATH is non-empty.
>
> Starting with commit
> glibc-2.25.90-512-gf6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d,
> LD_LIBRARY_PATH is ignored for __libc_enable_secure executables,
> so check_trusted argument of fillin_rpath is always zero.
>
> * elf/dl-load.c (is_trusted_path): Remove.
> (fillin_rpath): Remove check_trusted argument and its use,
> all callers changed.
> ---
> ChangeLog | 6 ++++++
> elf/dl-load.c | 33 +++------------------------------
> 2 files changed, 9 insertions(+), 30 deletions(-)
>
> diff --git a/elf/dl-load.c b/elf/dl-load.c
> index e7d97dc..2964464 100644
> --- a/elf/dl-load.c
> +++ b/elf/dl-load.c
> @@ -117,24 +117,6 @@ static const size_t system_dirs_len[] =
> #define nsystem_dirs_len array_length (system_dirs_len)
>
> static bool
> -is_trusted_path (const char *path, size_t len)
> -{
> - const char *trun = system_dirs;
> -
> - for (size_t idx = 0; idx < nsystem_dirs_len; ++idx)
> - {
> - if (len == system_dirs_len[idx] && memcmp (trun, path, len) == 0)
> - /* Found it. */
> - return true;
> -
> - trun += system_dirs_len[idx] + 1;
> - }
> -
> - return false;
> -}
> -
> -
> -static bool
> is_trusted_path_normalize (const char *path, size_t len)
> {
> if (len == 0)
> @@ -428,8 +410,7 @@ static size_t max_dirnamelen;
>
> static struct r_search_path_elem **
> fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep,
> - int check_trusted, const char *what, const char *where,
> - struct link_map *l)
> + const char *what, const char *where, struct link_map *l)
> {
> char *cp;
> size_t nelems = 0;
> @@ -459,13 +440,6 @@ fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep,
> if (len > 0 && cp[len - 1] != '/')
> cp[len++] = '/';
>
> - /* Make sure we don't use untrusted directories if we run SUID. */
> - if (__glibc_unlikely (check_trusted) && !is_trusted_path (cp, len))
> - {
> - free (to_free);
> - continue;
> - }
> -
> /* See if this directory is already known. */
> for (dirp = GL(dl_all_dirs); dirp != NULL; dirp = dirp->next)
> if (dirp->dirnamelen == len && memcmp (cp, dirp->dirname, len) == 0)
> @@ -614,7 +588,7 @@ decompose_rpath (struct r_search_path_struct *sps,
> _dl_signal_error (ENOMEM, NULL, NULL, errstring);
> }
>
> - fillin_rpath (copy, result, ":", 0, what, where, l);
> + fillin_rpath (copy, result, ":", what, where, l);
>
> /* Free the copied RPATH string. `fillin_rpath' make own copies if
> necessary. */
> @@ -791,8 +765,7 @@ _dl_init_paths (const char *llp)
> }
>
> (void) fillin_rpath (llp_tmp, env_path_list.dirs, ":;",
> - __libc_enable_secure, "LD_LIBRARY_PATH",
> - NULL, l);
> + "LD_LIBRARY_PATH", NULL, l);
>
> if (env_path_list.dirs[0] == NULL)
> {
This assumes that __libc_enable_secure is never set when the dynamic
linker is invoked directly with --library-path. That seems a valid
assumption, so that patch looks all good to me.
--
Aurelien Jarno GPG: 4096R/1DDD8C9B
aurelien@aurel32.net http://www.aurel32.net
Attachment:
signature.asc
Description: PGP signature
| Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
|---|---|---|
| Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |