Update.

	* posix/unistd.h: Move declaration of __libc_enable_secure to...
	* include/unistd.h: ...here.

	* elf/dl-open.c (dl_open_worker): If DST is used in SUID program punt.
	* elf/dl-deps.c (expand_dst): Likewise.

	* elf/dynamic-link.h: Set DT_SYMBOLIC, DT_TEXTREL, and DT_BIND_NOW
	based on DT_FLAGS value.

	* elf/do-lookup.h: Remove reference_name parameter, add undef_map.
	Add test for symbols marked STV_HIDDEN.
	* elf/dl-lookup.c (_dl_lookup_symbol): Remove reference_name parameter,
	add undef_map.  Compute reference_name locally.  Update call to
	do_lookup.
	(_dl_lookup_symbol_skip): Likewise.
	(_dl_lookup_versioned_symbol): Likewise.
	(_dl_lookup_versioned_symbol_skip): Likewise.
	* elf/dl-libc.c: Update call to _dl_lookup_*symbol.
	* elf/dl-runtime.c: Likewise.
	* elf/dl-sym.c: Likewise.
	* elf/dl-symbol.c: Likewise.
	* elf/ldsodefs.h: Adjust prototypes.

	* elf/dl-reloc.c (RESOLV): Add test for STV_PROTECTED flag set and
	handle appropriately.  Add comment about DT_TEXTREL.
	* elf/dl-runtime.c: Likewise.

1 files changed, 8 insertions, 1 deletions

diff --git a/elf/dl-open.c b/elf/dl-open.c
index a3cd8a05a3..097fd372c0 100644
--- a/elf/dl-open.c
+++ b/elf/dl-open.c
@@ -20,9 +20,10 @@
 #include <assert.h>
 #include <dlfcn.h>
 #include <errno.h>
+#include <libintl.h>
 #include <stdlib.h>
 #include <string.h>
-#include <libintl.h>
+#include <unistd.h>
 #include <sys/mman.h>		/* Check whether MAP_COPY is defined.  */
 #include <sys/param.h>
 #include <bits/libc-lock.h>
@@ -100,6 +101,12 @@ dl_open_worker (void *a)
       struct link_map *call_map;
       char *new_file;
 
+      /* DSTs must not appear in SUID/SGID programs.  */
+      if (__libc_enable_secure)
+	/* This is an error.  */
+	_dl_signal_error (0, "dlopen",
+			  "DST not allowed in SUID/SGID programs");
+
       /* We have to find out from which object the caller is calling.
 	 Find the highest-addressed object that ADDRESS is not below.  */
       call_map = NULL;