authorUlrich Drepper <drepper@redhat.com>2000-05-25 05:02:35 +0000
committerUlrich Drepper <drepper@redhat.com>2000-05-25 05:02:35 +0000
commitdb33f7d4aef7422140d5e19c440bb5e084fbe186 (patch)
tree6b9f917cc1cc44fe8fea1e0dc2fedd42e9289285 /elf
parentacb5ee2e561276d64c6e26ef4b82f59a4db5ae90 (diff)
Update.
	* csu/Makefile (routines): Add check_fds.
	* elf/rtld.c (dl_main): Call __libc_check_standard_fds for SUID
	binaries.  Add various __builtin_expect.
	* sysdeps/generic/libc-start.c: Move check_fds and helper functions...
	* sysdeps/generic/check_fds.c: ...here.  New file.

	* malloc/malloc.c (ptmalloc_init): Only enable debugging for SUID
	binaries if file /etc/suid-debug is available.
Diffstat (limited to 'elf')
-rw-r--r--elf/rtld.c20
1 files changed, 15 insertions, 5 deletions
diff --git a/elf/rtld.c b/elf/rtld.c
index 5c3dd43abf..b41a90f3ec 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -52,6 +52,9 @@ extern void *_dl_sysdep_read_whole_file (const char *filename,
 					 size_t *filesize_ptr,
 					 int mmap_prot);
 
+/* Protec SUID program against misuse of file descriptors.  */
+extern void __libc_check_standard_fds (void);
+
 /* Helper function to handle errors while resolving symbols.  */
 static void print_unresolved (int errcode, const char *objname,
 			      const char *errsting);
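Review bot: The prototype for `__libc_check_standard_fds` is declared by hand in rtld.c, so the compiler cannot check it against the definition that the commit message places in sysdeps/generic/check_fds.c. If a shared internal header exists it would be the better home for the declaration, though none is visible in this diff. The new comment also has a typo and could name the descriptors it is about: `/* Protect SUID programs against misuse of file descriptors 0, 1 and 2.  */`.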
@@ -396,6 +399,12 @@ dl_main (const ElfW(Phdr) *phdr,
   hp_timing_t diff;
 #endif
 
+  /* First thing, if this is a SUID program we make sure that FDs 0,
+     1, and 2 are allocated.  If necessary we are doing it ourself.
+     If it is not possible we stop the program.  */
+  if (__builtin_expect (__libc_enable_secure, 0))
+    __libc_check_standard_fds ();
+
   /* Process the environment variable which control the behaviour.  */
   process_envvars (&mode, &_dl_lazy);
 
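Review bot: The new comment in dl_main says what is checked but not why, and the reason is the security-relevant part: if a privileged program starts with descriptor 0, 1 or 2 closed, the next file it opens can take that number and receive output meant for stdout or stderr. I would state that in the comment and add that the call appears to be placed deliberately ahead of `process_envvars` and any loader diagnostics, so that a later edit does not move it down. The guard is `__libc_enable_secure`, which presumably also covers set-group-ID programs, so "SUID" in the comment may be narrower than the condition. dl_main starts and ends outside this hunk.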
@@ -673,7 +682,7 @@ of this helper program; chances are you did not intend to run this program.\n\
   preloads = NULL;
   npreloads = 0;
 
-  if (preloadlist)
+  if (__builtin_expect (preloadlist != NULL, 0))
     {
       /* The LD_PRELOAD environment variable gives list of libraries
 	 separated by white space or colons that are loaded before the
@@ -687,7 +696,8 @@ of this helper program; chances are you did not intend to run this program.\n\
 
       while ((p = strsep (&list, " :")) != NULL)
 	if (p[0] != '\0'
-	    && (! __libc_enable_secure || strchr (p, '/') == NULL))
+	    && (__builtin_expect (! __libc_enable_secure, 1)
+		|| strchr (p, '/') == NULL))
 	  {
 	    struct link_map *new_map = _dl_map_object (_dl_loaded, p, 1,
 						       lt_library, 0);
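Review bot: The rewritten condition is the gate that decides which LD_PRELOAD entries a privileged process will load, and it carries no comment. Wrapping `! __libc_enable_secure` in `__builtin_expect` makes it harder to see that in secure mode only names without a `/` reach `_dl_map_object`. I would add above the `if`: `/* In secure mode accept only bare names, never a path chosen by the caller.  */`. Whether the lookup for such bare names is then limited to trusted directories is decided inside `_dl_map_object`, which is outside this diff. The loop body continues past the end of the hunk.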
@@ -704,7 +714,7 @@ of this helper program; chances are you did not intend to run this program.\n\
   /* Read the contents of the file.  */
   file = _dl_sysdep_read_whole_file ("/etc/ld.so.preload", &file_size,
 				     PROT_READ | PROT_WRITE);
-  if (file)
+  if (__builtin_expect (file != NULL, 0))
     {
       /* Parse the file.  It contains names of libraries to be loaded,
 	 separated by white spaces or `:'.  It may also contain
@@ -783,7 +793,7 @@ of this helper program; chances are you did not intend to run this program.\n\
       __munmap (file, file_size);
     }
 
-  if (npreloads != 0)
+  if (__builtin_expect (npreloads, 0) != 0)
     {
       /* Set up PRELOADS with a vector of the preloaded libraries.  */
       struct link_map *l;
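Review bot: `__builtin_expect (npreloads, 0) != 0` is written differently from the other hints in this commit, which put the whole comparison inside the builtin (`preloadlist != NULL`, `file != NULL`, `_dl_profile_map != NULL`). The result is the same, but the argument is converted to long and the mixed form is easy to misread. `if (__builtin_expect (npreloads != 0, 0))` would match the rest. The block it guards continues outside the hunk.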
@@ -1072,7 +1082,7 @@ of this helper program; chances are you did not intend to run this program.\n\
        this has to go here because the calls it makes should use the
        rtld versions of the functions (particularly calloc()), but it
        needs to have _dl_profile_map set up by the relocator.  */
-    if (_dl_profile_map != NULL)
+    if (__builtin_expect (_dl_profile_map != NULL, 0))
       /* We must prepare the profiling.  */
       _dl_start_profile (_dl_profile_map, _dl_profile_output);