diff options
Diffstat (limited to 'sysdeps')
-rw-r--r-- | sysdeps/generic/libc-start.c | 43 |
1 files changed, 42 insertions, 1 deletions
diff --git a/sysdeps/generic/libc-start.c b/sysdeps/generic/libc-start.c index c1a4c1e55f..191a1e017f 100644 --- a/sysdeps/generic/libc-start.c +++ b/sysdeps/generic/libc-start.c @@ -1,4 +1,4 @@ -/* Copyright (C) 1998 Free Software Foundation, Inc. +/* Copyright (C) 1998, 1999 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -16,8 +16,12 @@ write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ +#include <errno.h> +#include <fcntl.h> +#include <paths.h> #include <stdlib.h> #include <unistd.h> +#include <sys/ioctl.h> #include <elf/ldsodefs.h> extern void __libc_init_first (int argc, char **argv, char **envp); @@ -27,6 +31,9 @@ weak_extern (_dl_starting_up) extern int __libc_multiple_libcs; extern void *__libc_stack_end; +/* Prototype for local function. */ +static void check_standard_fds (void); + int __libc_start_main (int (*main) (int, char **, char **), int argc, char **argv, void (*init) (void), void (*fini) (void), @@ -47,6 +54,11 @@ __libc_start_main (int (*main) (int, char **, char **), int argc, /* Set the global _environ variable correctly. */ __environ = &argv[argc + 1]; + /* Some security at this point. Prevent starting a SUID binary where + the standard file descriptors are not opened. */ + if (__libc_enable_secure) + check_standard_fds (); + /* Register the destructor of the dynamic linker if there is any. */ if (rtld_fini != NULL) atexit (rtld_fini); @@ -77,3 +89,32 @@ __libc_start_main (int (*main) (int, char **, char **), int argc, exit ((*main) (argc, argv, __environ)); } + + +/* Should other OSes (e.g., Hurd) have different versions which can + be written in a better way? */ +static void +check_one_fd (int fd, int mode) +{ + if (__fcntl (fd, F_GETFD) == -1 && errno == EBADF) + { + /* Something is wrong with this descriptor, it's probably not + opened. Open /dev/null so that the SUID program we are + about to start does not accidently use this descriptor. */ + int nullfd = __open (_PATH_DEVNULL, mode); + if (nullfd == -1) + /* We cannot even given an error message here since it would + run into the same problems. */ + abort (); + } +} + + +static void +check_standard_fds (void) +{ +/* Check all three standard file descriptors. */ + check_one_fd (STDIN_FILENO, O_RDONLY); + check_one_fd (STDOUT_FILENO, O_RDWR); + check_one_fd (STDERR_FILENO, O_RDWR); +} |