From 96611391ad8823ba58405325d78cefeae5cdf699 Mon Sep 17 00:00:00 2001
From: Andreas Schwab <schwab@redhat.com>
Date: Thu, 9 Dec 2010 15:00:59 +0100
Subject: [PATCH] Ignore origin of privileged program
elf/dl-load.c | 54 ++++++++++++++++++++++++++++++++----------------------
elf/dl-object.c | 3 +++
2 files changed, 35 insertions(+), 22 deletions(-)
From 101fdc24deea7f3895d82db9c89fa41af29a2f1e Mon Sep 17 00:00:00 2001
From: Andreas Schwab <schwab@redhat.com>
Date: Wed, 9 Mar 2011 18:39:31 +0100
Subject: [PATCH] Don't leave empty element in rpath when skipping the first element
elf/dl-load.c | 54 ++++++++++++++++++++++++++++++++----------------------
elf/dl-object.c | 3 +++
2 files changed, 35 insertions(+), 22 deletions(-)
From 049b59f78fdcb533fe2999ba73daa32c2f8cb758 Mon Sep 17 00:00:00 2001
From: Andreas Schwab <schwab@redhat.com>
Date: Wed, 9 Mar 2011 18:42:06 +0100
Subject: [PATCH] Ignore rpath elements containing non-isolated use of $ORIGIN when privileged
elf/dl-load.c | 54 ++++++++++++++++++++++++++++++++----------------------
elf/dl-object.c | 3 +++
2 files changed, 35 insertions(+), 22 deletions(-)
[Ubuntu note: patches differ from upstream in that the changes to
the Changelog file have been dropped to minimize patch conflicts.]
Index: b/elf/dl-object.c
37
===================================================================
40
@@ -144,6 +144,9 @@ _dl_new_object (char *realname, const ch
42
new->l_scope[idx] = &loader->l_searchlist;
44
+ else if (INTUSE(__libc_enable_secure) && type == lt_executable)
45
+ /* The origin of a privileged program cannot be trusted. */
46
+ new->l_origin = (char *) -1;
48
new->l_local_scope[0] = &new->l_searchlist;
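Review bot: `(char *) -1` is used in the added `else if` branch as an in-band marker for "origin unknown", and the one-line comment does not tell a reader that `l_origin` then holds a value that must never be dereferenced. The same cast sentinel is used for `repl` in _dl_dst_substitute and for `sps->dirs` in decompose_rpath in the dl-load.c hunks, so every consumer has to compare against it first, as the visible `repl != (const char *) -1` test does. I would extend the comment to `/* The origin of a privileged program cannot be trusted. Mark it as unknown; users of l_origin must compare against (char *) -1 before use. */`. The `else if` attaches to a condition that lies outside this hunk.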
50
Index: b/elf/dl-load.c
51
===================================================================
54
@@ -169,8 +169,7 @@ local_strdup (const char *s)
58
-is_dst (const char *start, const char *name, const char *str,
59
- int is_path, int secure)
60
+is_dst (const char *start, const char *name, const char *str, int is_path)
63
bool is_curly = false;
64
@@ -199,11 +198,6 @@ is_dst (const char *start, const char *n
65
&& (!is_path || name[len] != ':'))
68
- if (__builtin_expect (secure, 0)
69
- && ((name[len] != '\0' && (!is_path || name[len] != ':'))
70
- || (name != start + 1 && (!is_path || name[-2] != ':'))))
76
@@ -218,13 +212,10 @@ _dl_dst_count (const char *name, int is_
80
- /* $ORIGIN is not expanded for SUID/GUID programs (except if it
81
- is $ORIGIN alone) and it must always appear first in path. */
83
- if ((len = is_dst (start, name, "ORIGIN", is_path,
84
- INTUSE(__libc_enable_secure))) != 0
85
- || (len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0
86
- || (len = is_dst (start, name, "LIB", is_path, 0)) != 0)
87
+ if ((len = is_dst (start, name, "ORIGIN", is_path)) != 0
88
+ || (len = is_dst (start, name, "PLATFORM", is_path)) != 0
89
+ || (len = is_dst (start, name, "LIB", is_path)) != 0)
92
name = strchr (name + len, '$');
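Review bot: With the `secure` argument removed from is_dst, `_dl_dst_count` now counts every `$ORIGIN`, including uses that `_dl_dst_substitute` discards when `__libc_enable_secure` is set, and the comment that explained the privileged case is deleted here with nothing in its place. That looks harmless if the count is only used to size the output buffer, since dropping an element can only shorten the result, but the assumption should be written down: `/* Counts all DSTs; _dl_dst_substitute may still drop $ORIGIN elements for privileged programs, so this is an upper bound. */`. The loop in _dl_dst_count is only partly inside the hunk.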
93
@@ -256,9 +247,16 @@ _dl_dst_substitute (struct link_map *l,
97
- if ((len = is_dst (start, name, "ORIGIN", is_path,
98
- INTUSE(__libc_enable_secure))) != 0)
99
+ if ((len = is_dst (start, name, "ORIGIN", is_path)) != 0)
101
+ /* $ORIGIN is not expanded for SUID/GUID programs
102
+ (except if it is $ORIGIN alone) and it must always
103
+ appear first in path. */
104
+ if (__builtin_expect (INTUSE(__libc_enable_secure), 0)
105
+ && ((name[len] != '\0' && (!is_path || name[len] != ':'))
106
+ || (name != start + 1 && (!is_path || name[-2] != ':'))))
107
+ repl = (const char *) -1;
111
repl = _dl_get_origin ();
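Review bot: The privileged-process test added after the `is_dst (start, name, "ORIGIN", is_path)` call packs two separate conditions into one expression, and its comment does not say which clause is which or why `name[-2]` is in bounds. A comment such as `/* Reject if anything follows $ORIGIN in this element or anything precedes it; name[-2] is read only after name != start + 1 has shown there is a byte before the '$'. */` would make the bounds reasoning reviewable. The comment also says "SUID/GUID" where "SUID/SGID" is meant. The surrounding if/else in _dl_dst_substitute is only partly visible on this page, so how the `repl = _dl_get_origin ();` line relates to the new `repl = (const char *) -1;` branch should be confirmed against the full file.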
112
@@ -266,9 +264,9 @@ _dl_dst_substitute (struct link_map *l,
116
- else if ((len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0)
117
+ else if ((len = is_dst (start, name, "PLATFORM", is_path)) != 0)
118
repl = GLRO(dl_platform);
119
- else if ((len = is_dst (start, name, "LIB", is_path, 0)) != 0)
120
+ else if ((len = is_dst (start, name, "LIB", is_path)) != 0)
123
if (repl != NULL && repl != (const char *) -1)
124
@@ -284,6 +282,10 @@ _dl_dst_substitute (struct link_map *l,
126
while (*name != '\0' && (!is_path || *name != ':'))
128
+ /* Also skip following colon if this is the first rpath
129
+ element, but keep an empty element at the end. */
130
+ if (wp == result && is_path && *name == ':' && name[1] != '\0')
134
/* No DST we recognize. */
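Review bot: The new colon-skipping condition `wp == result && is_path && *name == ':' && name[1] != '\0'` does not say why an empty element matters. If an empty rpath element is treated as the current directory (the usual search-path convention; the code that interprets it is not in this hunk), then a leading ':' left behind after dropping the first element would put a directory chosen by the invoking user on a privileged program's search path. That is worth stating in the comment: `/* An empty element would mean the current directory; do not create one by dropping the first element. */`. The `name[1] != '\0'` exception deliberately keeps a trailing empty element, and it would help to note whether that is acceptable when `__libc_enable_secure` is set. The statement controlled by the new `if` is not shown in this listing.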
135
@@ -310,7 +312,7 @@ _dl_dst_substitute (struct link_map *l,
136
belonging to the map is loaded. In this case the path element
137
containing $ORIGIN is left out. */
139
-expand_dynamic_string_token (struct link_map *l, const char *s)
140
+expand_dynamic_string_token (struct link_map *l, const char *s, int is_path)
142
/* We make two runs over the string. First we determine how large the
143
resulting string is and then we copy it over. Since this is no
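Review bot: The header comment of `expand_dynamic_string_token` is not updated for the new `is_path` parameter, here and in the two following hunks that forward it to `DL_DST_COUNT` and `_dl_dst_substitute`. Callers now choose between two behaviours (decompose_rpath passes 1, _dl_map_object passes 0), so the comment should gain a sentence like `IS_PATH is nonzero when S is a colon-separated search path and zero when it is, apparently, a single file name.` Since the flag is used as a boolean, `bool` or named constants at the call sites would read better than bare `1` and `0`. The function body continues outside this hunk.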
144
@@ -321,7 +323,7 @@ expand_dynamic_string_token (struct link
147
/* Determine the number of DST elements. */
148
- cnt = DL_DST_COUNT (s, 1);
149
+ cnt = DL_DST_COUNT (s, is_path);
151
/* If we do not have to replace anything simply copy the string. */
152
if (__builtin_expect (cnt, 0) == 0)
153
@@ -335,7 +337,7 @@ expand_dynamic_string_token (struct link
157
- return _dl_dst_substitute (l, s, result, 1);
158
+ return _dl_dst_substitute (l, s, result, is_path);
162
@@ -551,13 +553,21 @@ decompose_rpath (struct r_search_path_st
164
/* Make a writable copy. At the same time expand possible dynamic
166
- copy = expand_dynamic_string_token (l, rpath);
167
+ copy = expand_dynamic_string_token (l, rpath, 1);
170
errstring = N_("cannot create RUNPATH/RPATH copy");
174
+ /* Ignore empty rpaths. */
178
+ sps->dirs = (struct r_search_path_elem **) -1;
182
/* Count the number of necessary elements in the result array. */
184
for (cp = copy; *cp != '\0'; ++cp)
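Review bot: The early exit added under `/* Ignore empty rpaths. */` has to release `copy`, which the comment above describes as a writable copy returned by expand_dynamic_string_token. The lines between that comment and the `sps->dirs = (struct r_search_path_elem **) -1;` assignment are missing from this listing, so whether the copy is freed before returning cannot be confirmed here. The comment should also say why an empty rpath is ignored: it is what remains when every element was dropped for a privileged program, for example `/* Nothing usable is left after dropping untrusted elements; mark the search path as absent. */`. decompose_rpath continues outside the hunk.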
185
@@ -2179,7 +2189,7 @@ _dl_map_object (struct link_map *loader,
187
/* The path may contain dynamic string tokens. */
189
- ? expand_dynamic_string_token (loader, name)
190
+ ? expand_dynamic_string_token (loader, name, 0)
191
: local_strdup (name));
192
if (realname == NULL)