From f57a3c946af8a254679a9718c54e50c2c0057694 Mon Sep 17 00:00:00 2001 From: Roland McGrath Date: Wed, 8 Dec 2004 22:08:52 +0000 Subject: * elf/ldd.bash.in: When set -o pipefail is available, use that for piping to cat; when not, don't use the pipe at all. Pipe to cat in all cases of running the executable. When direct running exits with code 5, retry running via ${RTLD}. * elf/rtld.c (process_envvars): If __libc_enable_secure and mode != normal, exit with exitcode 5. --- elf/ldd.bash.in | 31 ++++++++++++++++++++++++++----- elf/rtld.c | 6 ++++-- 2 files changed, 30 insertions(+), 7 deletions(-) (limited to 'elf') diff --git a/elf/ldd.bash.in b/elf/ldd.bash.in index f400924217..4d7c33c728 100644 --- a/elf/ldd.bash.in +++ b/elf/ldd.bash.in @@ -105,6 +105,21 @@ add_env="$add_env LD_VERBOSE=$verbose" if test "$unused" = yes; then add_env="$add_env LD_DEBUG=\"$LD_DEBUG${LD_DEBUG:+,}unused\"" fi + +# The following use of cat is needed to make ldd work in SELinux +# environments where the executed program might not have permissions +# to write to the console/tty. But only bash 3.x supports the pipefail +# option, and we don't bother to handle the case for older bash versions. +if set -o pipefail 2> /dev/null; then + try_trace() { + eval $add_env '"$@"' | cat + } +else + try_trace() { + eval $add_env '"$@"' + } +fi + case $# in 0) echo >&2 'ldd:' $"missing file arguments" @@ -153,7 +168,16 @@ warning: you do not have execution permission for" "\`$file'" >&2 fi case $ret in 0) - eval $add_env '"$file"' || result=1 + # If the program exits with exit code 5, it means the process has been + # invoked with __libc_enable_secure. Fall back to running it through + # the dynamic linker. + try_trace "$file" + rc=$? + if [ $rc = 5 ]; then + try_trace "$RTLD" "$file" + rc=$? + fi + [ $rc = 0 ] || result=1 ;; 1) # This can be a non-ELF binary or no binary at all. @@ -163,10 +187,7 @@ warning: you do not have execution permission for" "\`$file'" >&2 } ;; 2) - # The following use of cat is needed to make ldd work in SELinux - # environments where the executed program might not have permissions - # to write to the console/tty. - eval $add_env \${RTLD} '"$file"' | cat || result=1 + try_trace "$RTLD" "$file" || result=1 ;; *) echo 'ldd:' ${RTLD} $"exited with unknown exit code" "($ret)" >&2 diff --git a/elf/rtld.c b/elf/rtld.c index 13f7b4f748..cd40f80088 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -2269,9 +2269,11 @@ process_envvars (enum mode *modep) if (__access ("/etc/suid-debug", F_OK) != 0) { unsetenv ("MALLOC_CHECK_"); - if (mode == normal) - GLRO(dl_debug_mask) = 0; + GLRO(dl_debug_mask) = 0; } + + if (mode != normal) + _exit (5); } /* If we have to run the dynamic linker in debugging mode and the LD_DEBUG_OUTPUT environment variable is given, we write the debug -- cgit 1.4.1