about summary refs log tree commit diff
path: root/src/env
diff options
context:
space:
mode:
Diffstat (limited to 'src/env')
-rw-r--r--src/env/__environ.c7
-rw-r--r--src/env/__init_security.c26
-rw-r--r--src/env/__libc_start_main.c18
3 files changed, 38 insertions, 13 deletions
diff --git a/src/env/__environ.c b/src/env/__environ.c
index d7bd5e50..0a2786fd 100644
--- a/src/env/__environ.c
+++ b/src/env/__environ.c
@@ -1,7 +1,6 @@
 #include "libc.h"
 
 #undef environ
-char **___environ = 0;
-weak_alias(___environ, __environ);
-weak_alias(___environ, _environ);
-weak_alias(___environ, environ);
+char **__environ = 0;
+weak_alias(__environ, _environ);
+weak_alias(__environ, environ);
diff --git a/src/env/__init_security.c b/src/env/__init_security.c
new file mode 100644
index 00000000..5fd12ecb
--- /dev/null
+++ b/src/env/__init_security.c
@@ -0,0 +1,26 @@
+#include <stddef.h>
+#include <elf.h>
+#include <poll.h>
+#include <fcntl.h>
+#include "syscall.h"
+#include "libc.h"
+#include "atomic.h"
+
+#define AUX_CNT 24
+
+void __init_security(size_t *auxv)
+{
+	size_t i, aux[AUX_CNT] = { 0 };
+	struct pollfd pfd[3] = { {.fd=0}, {.fd=1}, {.fd=2} };
+
+	for (; auxv[0]; auxv+=2) if (auxv[0]<AUX_CNT) aux[auxv[0]] = auxv[1];
+	if (aux[AT_UID]==aux[AT_EUID] && aux[AT_GID]==aux[AT_EGID]
+		&& !aux[AT_SECURE]) return;
+
+	__syscall(SYS_poll, pfd, 3, 0);
+	for (i=0; i<3; i++)
+		if (pfd[i].revents&POLLNVAL)
+			if (__syscall(SYS_open, "/dev/null", O_RDWR)<0)
+				a_crash();
+	libc.secure = 1;
+}
diff --git a/src/env/__libc_start_main.c b/src/env/__libc_start_main.c
index 70af77b5..f31222b2 100644
--- a/src/env/__libc_start_main.c
+++ b/src/env/__libc_start_main.c
@@ -1,21 +1,21 @@
 #include "libc.h"
 
-/* Any use of __environ/environ will override this symbol. */
-char **__dummy_environ = (void *)-1;
-weak_alias(__dummy_environ, ___environ);
+void __init_security(size_t *);
 
 int __libc_start_main(
 	int (*main)(int, char **, char **), int argc, char **argv,
 	int (*init)(int, char **, char **), void (*fini)(void),
 	void (*ldso_fini)(void))
 {
-	/* Save the environment if it may be used by libc/application */
-	char **envp = argv+argc+1;
-	if (___environ != (void *)-1) ___environ = envp;
+	char **envp = argv+argc+1, **auxv = envp;
 
-	/* Avoid writing 0 and triggering unnecessary COW */
-	if (ldso_fini) libc.ldso_fini = ldso_fini;
-	if (fini) libc.fini = fini;
+	__environ = envp;
+	do auxv++; while (*auxv);
+	libc.auxv = (void *)++auxv;
+	libc.ldso_fini = ldso_fini;
+	libc.fini = fini;
+
+	__init_security((void *)auxv);
 
 	/* Execute constructors (static) linked into the application */
 	if (init) init(argc, argv, envp);