summary refs log tree commit diff
path: root/elf/rtld.c
diff options
context:
space:
mode:
Diffstat (limited to 'elf/rtld.c')
-rw-r--r--elf/rtld.c23
1 files changed, 23 insertions, 0 deletions
diff --git a/elf/rtld.c b/elf/rtld.c
index df5db230f4..f1b612166d 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -1193,6 +1193,29 @@ process_envvars (enum mode *modep, int *lazyp)
 	}
     }
 
+  /* Extra security for SUID binaries.  Remove all dangerous environment
+     variables.  */
+  if (__libc_enable_secure)
+    {
+      static const char *unsecure_envvars[] =
+      {
+#ifdef EXTRA_UNSECURE_ENVVARS
+	EXTRA_UNSECURE_ENVVARS
+#endif
+      };
+      size_t cnt;
+
+      if (preloadlist != NULL)
+	unsetenv ("LD_PRELOAD");
+      if (library_path != NULL)
+	unsetenv ("LD_LIBRARY_PATH");
+
+      for (cnt = 0;
+	   cnt < sizeof (unsecure_envvars) / sizeof (unsecure_envvars[0]);
+	   ++cnt)
+	unsetenv (unsecure_envvars[cnt]);
+    }
+
   /* If we have to run the dynamic linker in debugging mode and the
      LD_DEBUG_OUTPUT environment variable is given, we write the debug
      messages to this file.  */