prepare support for LD_LIBRARY_PATH (checking suid/sgid safety)

the use of this test will be much stricter than glibc and other typical implementations; the environment will not be honored whatsoever unless the program is confirmed non-suid/sgid by the aux vector the kernel passed in. no fallback to slow syscall-based checking is used if the kernel fails to provide the information; we simply assume the worst (suid) in this case and refuse to honor environment.

prepare support for LD_LIBRARY_PATH (checking suid/sgid safety)
the use of this test will be much stricter than glibc and other typical implementations; the environment will not be honored whatsoever unless the program is confirmed non-suid/sgid by the aux vector the kernel passed in. no fallback to slow syscall-based checking is used if the kernel fails to provide the information; we simply assume the worst (suid) in this case and refuse to honor environment.
b7f6e0c6 · Rich Felker · c7ce1b20 · b7f6e0c6
隐藏空白更改
内联并排

Showing with 6 addition and 0 deletion

src/ldso/dynlink.c src/ldso/dynlink.c +6 -0

未找到文件。
--- a/src/ldso/dynlink.c
+++ b/src/ldso/dynlink.c
@@ -48,6 +48,7 @@ struct dso
 };

 static struct dso *head, *tail, *libc;
+static int trust_env;

 #define AUX_CNT 15
 #define DYN_CNT 34
@@ -373,6 +374,11 @@ void *__dynlink(int argc, char **argv, size_t *got)

 	/* At this point the standard library is fully functional */

+	/* Only trust user/env if kernel says we're not suid/sgid */
+	trust_env = (aux[0]&0x7800)==0x7800
+		&& aux[AT_UID]==aux[AT_EUID]
+		&& aux[AT_GID]==aux[AT_EGID];
+
 	head = tail = &app;
 	libc = &lib;
 	app.next = 0;