From df0b5a49406763aa4719dfad561a5de8924ecd59 Mon Sep 17 00:00:00 2001 From: Rich Felker Date: Tue, 23 Aug 2011 09:37:39 -0400 Subject: security hardening: ensure suid programs have valid stdin/out/err this behavior (opening fds 0-2 for a suid program) is explicitly allowed (but not required) by POSIX to protect badly-written suid programs from clobbering files they later open. this commit does add some cost in startup code, but the availability of auxv and the security flag will be useful elsewhere in the future. in particular auxv is needed for static-linked vdso support, which is still waiting to be committed (sorry nik!) --- src/internal/libc.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'src/internal/libc.h') diff --git a/src/internal/libc.h b/src/internal/libc.h index 115cd865..d985902c 100644 --- a/src/internal/libc.h +++ b/src/internal/libc.h @@ -7,13 +7,15 @@ struct __libc { void *main_thread; int threaded; - int canceldisable; + int secure; + size_t *auxv; int (*atexit)(void (*)(void)); void (*fini)(void); void (*ldso_fini)(void); volatile int threads_minus_1; - int ofl_lock; + int canceldisable; FILE *ofl_head; + int ofl_lock; }; -- cgit v1.2.1