summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2011-06-23 22:04:06 -0400
committerRich Felker <dalias@aerifal.cx>2011-06-23 22:04:06 -0400
commitb7f6e0c6f848b7a8c64b3f7b72014b48a9923729 (patch)
tree7529d059082ddaecc0fcc23222cdd6699533b197
parentc7ce1b20d2f37f97f9cfcd57cb4fb4c7cd66a3a0 (diff)
downloadmusl-b7f6e0c6f848b7a8c64b3f7b72014b48a9923729.tar.gz
prepare support for LD_LIBRARY_PATH (checking suid/sgid safety)
the use of this test will be much stricter than glibc and other typical implementations; the environment will not be honored whatsoever unless the program is confirmed non-suid/sgid by the aux vector the kernel passed in. no fallback to slow syscall-based checking is used if the kernel fails to provide the information; we simply assume the worst (suid) in this case and refuse to honor environment.
-rw-r--r--src/ldso/dynlink.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/ldso/dynlink.c b/src/ldso/dynlink.c
index 8ade0737..b308b875 100644
--- a/src/ldso/dynlink.c
+++ b/src/ldso/dynlink.c
@@ -48,6 +48,7 @@ struct dso
};
static struct dso *head, *tail, *libc;
+static int trust_env;
#define AUX_CNT 15
#define DYN_CNT 34
@@ -373,6 +374,11 @@ void *__dynlink(int argc, char **argv, size_t *got)
/* At this point the standard library is fully functional */
+ /* Only trust user/env if kernel says we're not suid/sgid */
+ trust_env = (aux[0]&0x7800)==0x7800
+ && aux[AT_UID]==aux[AT_EUID]
+ && aux[AT_GID]==aux[AT_EGID];
+
head = tail = &app;
libc = &lib;
app.next = 0;