about summary refs log tree commit diff
path: root/elf/rtld.c
diff options
context:
space:
mode:
authorUlrich Drepper <drepper@redhat.com>1998-07-08 22:53:56 +0000
committerUlrich Drepper <drepper@redhat.com>1998-07-08 22:53:56 +0000
commit4bae55673314ecad6127cc156b1e5e5bb3c88b57 (patch)
tree0852b2d8bcf4eaf45fad45bac6ae5d51955dbad9 /elf/rtld.c
parenta3d6fb9b428a51048b31eacd6fe7fad7095ccfd5 (diff)
downloadglibc-4bae55673314ecad6127cc156b1e5e5bb3c88b57.tar.gz
glibc-4bae55673314ecad6127cc156b1e5e5bb3c88b57.tar.xz
glibc-4bae55673314ecad6127cc156b1e5e5bb3c88b57.zip
Update.
1998-07-08 22:18  Ulrich Drepper  <drepper@cygnus.com>

	* elf/Versions: Add _dl_mcount_wrapper_check.
	* elf/dlfcn.h (DL_CALL_FCT): Don't test _dl_profile_map, simply use
	_dl_mcount_wrapper_check.
	* iconv/skeleton.c: Use DL_CALL_FCT, not _CALL_DL_FCT.

	* elf/dl-reloc.c (_dl_relocate_object): Don't declare using
	internal_function.
	* elf/ldsodefs.h: Likewise.

	* io/fcntl.h: Define SEEK_SET, SEEK_CUR, and SEEK_END.

	* libio/stdio.h: Make sure va_list is defined for X/Open.
	Define P_tmpdir for X/Open.

	* posix/regex.h: Fix typo.

	* posix/unistd.h: Define intptr_t if not already happened.
	Add pthread_atfork prototype.
	* sysdeps/generic/bits/types.h: Define __intptr_t.
	* sysdeps/unix/sysv/linux/alpha/bits/types.h: Likewise.
	* sysdeps/unix/sysv/linux/bits/types.h: Likewise.
	* sysdeps/unix/sysv/linux/bits/mips/types.h: Likewise.
	* sysdeps/unix/sysv/linux/bits/sparc/sparc64/types.h: Likewise.
	* sysdeps/unix/sysv/sysv4/solaris2/bits/types.h: Likewise.
	* sysdeps/wordsize-32/stdint.h: Don't define intptr_t if already done.
	* sysdeps/wordsize-64/stdint.h: Likewise.

	* posix/bits/posix1_lim.h: Define _POSIX_CLOCKRES_MIN.

	* signal/Makefile (headers): Add bits/sigthread.h.
	* signal/signal.h: Include bits/sigthread.h.
	* sysdeps/generic/bits/sigthread.h: New file.

	* stdlib/stdlib.h: Declare rand_r use __USE_POSIX.

	* sysdeps/generic/bits/confname.h: Define _PC_FILESIZEBITS.
	* sysdeps/posix/pathconf.c: Handle _PC_FILESIZEBITS.
	* sysdeps/unix/sysv/linux/alpha/fpathconf.c: New file.
	* sysdeps/unix/sysv/linux/alpha/pathconf.c: New file.

	* sysdeps/generic/bits/dlfcn.h: Define RTLD_LOCAL.

	* elf/rtld.c: Remove preloading and loadpath variables in SUID
	programs.
	* sysdeps/generic/dl-sysdep.c: Define unsetenv.
	* sysdeps/unix/sysv/linux/i386/dl-librecon.h: Define other envvar
	names.

	* sysdeps/unix/sysv/linux/bits/errno.h: Define ECANCELED.

	* sysdeps/unix/sysv/linux/bits/fcntl.h: Define O_RSYNC and O_DSYNC.
	Remove O_READ and O_WRITE definition.

	* sysdeps/unix/sysv/linux/bits/resource.h: Define RLIM_SAVED_MAX
	and RLIM_SAVED_CUR.

	* sysdeps/unix/sysv/linux/fstatvfs.h: Handle UFS filesystem.

1998-07-06  Andreas Schwab  <schwab@issan.informatik.uni-dortmund.de>

	* Makerules ($(common-objpfx)sysd-versions): Expect awk script in
	scripts directory.  Pass move-if-change to awk.
	(common-generated): Add $(version-maps) and sysd-versions.
	* versions.awk: Moved to...
	* scripts/versions.awk: ... here.  Use move-if-change to void
	touching unchanged files.  Print "version-maps = ..." instead of
	"all-version-maps = ..." and without $(common-objpfx).  Explain
	expected variable names.
	* Makefile (distribute): Updated.

1998-07-06  Andreas Schwab  <schwab@issan.informatik.uni-dortmund.de>

	* misc/getttyent.c (getttyent): Don't return with locked stream.
	* misc/mntent_r.c (__getmntent_r): Likewise.

1998-07-07 18:24  Ulrich Drepper  <drepper@cygnus.com>

	* libio/fileops.c (_IO_do_write): Don't shrink wwrite buffer to zero
	if stream is line buffered.
	(_io_file_overflow): Likewise.
	* libio/libio.h (_IO_putc_unlocked): Make sure that for line-buffered
	streams writing '\n' flushes the string.
Diffstat (limited to 'elf/rtld.c')
-rw-r--r--elf/rtld.c23
1 files changed, 23 insertions, 0 deletions
diff --git a/elf/rtld.c b/elf/rtld.c
index df5db230f4..f1b612166d 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -1193,6 +1193,29 @@ process_envvars (enum mode *modep, int *lazyp)
 	}
     }
 
+  /* Extra security for SUID binaries.  Remove all dangerous environment
+     variables.  */
+  if (__libc_enable_secure)
+    {
+      static const char *unsecure_envvars[] =
+      {
+#ifdef EXTRA_UNSECURE_ENVVARS
+	EXTRA_UNSECURE_ENVVARS
+#endif
+      };
+      size_t cnt;
+
+      if (preloadlist != NULL)
+	unsetenv ("LD_PRELOAD");
+      if (library_path != NULL)
+	unsetenv ("LD_LIBRARY_PATH");
+
+      for (cnt = 0;
+	   cnt < sizeof (unsecure_envvars) / sizeof (unsecure_envvars[0]);
+	   ++cnt)
+	unsetenv (unsecure_envvars[cnt]);
+    }
+
   /* If we have to run the dynamic linker in debugging mode and the
      LD_DEBUG_OUTPUT environment variable is given, we write the debug
      messages to this file.  */