diff options
| author | Ulrich Drepper <drepper@redhat.com> | 2000-09-26 09:46:55 +0000 |
|---|---|---|
| committer | Ulrich Drepper <drepper@redhat.com> | 2000-09-26 09:46:55 +0000 |
| commit | 74955460c5b9f23d7783395ce2478f5b7c5fd876 (patch) | |
| tree | e0ddae614d73c52ebaac1e65d3d9fbaf6aafe4e6 /elf | |
| parent | 316ca440b070114ba877455c3dbbcdc1b20e4f33 (diff) | |
| download | glibc-74955460c5b9f23d7783395ce2478f5b7c5fd876.tar.gz glibc-74955460c5b9f23d7783395ce2478f5b7c5fd876.tar.xz glibc-74955460c5b9f23d7783395ce2478f5b7c5fd876.zip | |
Update.
2000-09-26 Thorsten Kukuk <kukuk@suse.de> * nscd/dbg_log.c (dbg_log): Add missing format string. * catgets/catgets.c (catopen): Use getenv instead of __secure_getenv since we filter out the variable once. * iconv/gconv_conf.c (__gconv_get_path): Likewise. * locale/newlocale.c (__newlocale): Likewise. * locale/setlocale.c (setlocale): Likewise. * malloc/malloc.c (ptmalloc_init): Likewise. * resolv/res_hconf.c (_res_hconf_init): Likewise. * resolv/res_init.c (__res_vinit): Likewise. * time/tzfile.c (__tzfile_read): Likewise. * sysdeps/generic/unsecvars.h: New file. * elf/dl-support.c (non_dynamic_init): Use it here to remove variables. * elf/rtld.c (process_envvars): Likewise. * elf/Makefile (distribute): Add unsecvars.h.
Diffstat (limited to 'elf')
| -rw-r--r-- | elf/Makefile | 2 | ||||
| -rw-r--r-- | elf/dl-support.c | 22 | ||||
| -rw-r--r-- | elf/rtld.c | 5 |
3 files changed, 28 insertions, 1 deletions
diff --git a/elf/Makefile b/elf/Makefile index 0fc81e021f..84815b30ea 100644 --- a/elf/Makefile +++ b/elf/Makefile @@ -46,7 +46,7 @@ distribute := $(rtld-routines:=.c) dynamic-link.h do-rel.h dl-machine.h \ testobj1.c testobj2.c testobj3.c testobj4.c testobj5.c \ testobj6.c testobj1_1.c failobj.c unloadmod.c \ ldconfig.h ldconfig.c cache.c readlib.c readelflib.c \ - dep1.c dep2.c dep3.c dep4.c dl-dtprocnum.h \ + dep1.c dep2.c dep3.c dep4.c dl-dtprocnum.h unsecvars.h \ vismain.c vismod1.c vismod2.c vismod3.c \ constload2.c constload3.c filtmod1.c filtmod2.c \ nodlopenmod.c nodelete.c nodelmod1.c nodelmod2.c \ diff --git a/elf/dl-support.c b/elf/dl-support.c index 50b37e8166..75d7b1926a 100644 --- a/elf/dl-support.c +++ b/elf/dl-support.c @@ -27,6 +27,8 @@ #include <ldsodefs.h> #include <dl-machine.h> #include <bits/libc-lock.h> +#include <dl-librecon.h> +#include <unsecvars.h> extern char *__progname; char **_dl_argv = &__progname; /* This is checked for some error messages. */ @@ -125,6 +127,26 @@ non_dynamic_init (void) _dl_dynamic_weak = *(getenv ("LD_DYNAMIC_WEAK") ?: "") == '\0'; + if (__libc_enable_secure) + { + static const char *unsecure_envvars[] = + { + UNSECURE_ENVVARS, +#ifdef EXTRA_UNSECURE_ENVVARS + EXTRA_UNSECURE_ENVVARS +#endif + }; + size_t cnt; + + for (cnt = 0; + cnt < sizeof (unsecure_envvars) / sizeof (unsecure_envvars[0]); + ++cnt) + unsetenv (unsecure_envvars[cnt]); + + if (__access ("/etc/suid-debug", F_OK) != 0) + unsetenv ("MALLOC_CHECK_"); + } + #ifdef DL_PLATFORM_INIT DL_PLATFORM_INIT; #endif diff --git a/elf/rtld.c b/elf/rtld.c index 18ff312baa..d17d83961d 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -30,6 +30,7 @@ #include <bits/libc-lock.h> #include "dynamic-link.h" #include "dl-librecon.h" +#include <unsecvars.h> #include <assert.h> @@ -1465,6 +1466,7 @@ process_envvars (enum mode *modep, int *lazyp) { static const char *unsecure_envvars[] = { + UNSECURE_ENVVARS, #ifdef EXTRA_UNSECURE_ENVVARS EXTRA_UNSECURE_ENVVARS #endif @@ -1486,6 +1488,9 @@ process_envvars (enum mode *modep, int *lazyp) cnt < sizeof (unsecure_envvars) / sizeof (unsecure_envvars[0]); ++cnt) unsetenv (unsecure_envvars[cnt]); + + if (__access ("/etc/suid-debug", F_OK) != 0) + unsetenv ("MALLOC_CHECK_"); } /* The name of the object to profile cannot be empty. */ |