| f9e70ac7 |
1 | --- malloc/malloc.c 2004-08-03 18:06:35 -0400 |
| 2 | +++ malloc/malloc.c 2004-08-03 18:08:53 -0400 |
| 3 | @@ -311,6 +311,10 @@ |
| 4 | #define assert(x) ((void)0) |
| 5 | #endif |
| 6 | |
| 7 | +#include <abort-instr.h> |
| 8 | +#ifndef ABORT_INSTRUCTION |
| 9 | +#define ABORT_INSTRUCTION |
| 10 | +#endif |
| 11 | |
| 12 | /* |
| 13 | INTERNAL_SIZE_T is the word-size used for internal bookkeeping |
| 14 | @@ -1951,6 +1955,13 @@ |
| 15 | #define unlink(P, BK, FD) { \ |
| 16 | FD = P->fd; \ |
| 17 | BK = P->bk; \ |
| 18 | + if (FD->bk != P || BK->fd != P) \ |
| 19 | + { \ |
| 20 | + ABORT_INSTRUCTION; \ |
| 21 | + _exit(127); \ |
| 22 | + while (1) \ |
| 23 | + ABORT_INSTRUCTION; \ |
| 24 | + } \ |
| 25 | FD->bk = BK; \ |
| 26 | BK->fd = FD; \ |
| 27 | } |
| 28 | --- sysdeps/generic/unsecvars.h 2004-08-03 18:13:13 -0400 |
| 29 | +++ sysdeps/generic/unsecvars.h 2004-08-03 18:11:41 -0400 |
| 30 | @@ -3,6 +3,8 @@ |
| 31 | with a '\0' explicitly. */ |
| 32 | #define UNSECURE_ENVVARS \ |
| 33 | "LD_PRELOAD\0" \ |
| 34 | + "LD_DEBUG\0" \ |
| 35 | + "LD_TRACE_PRELINKING\0" \ |
| 36 | "LD_LIBRARY_PATH\0" \ |
| 37 | "LD_ORIGIN_PATH\0" \ |
| 38 | "LD_DEBUG_OUTPUT\0" \ |
| 39 | --- elf/rtld.c 2003-01-07 13:47:35 -0500 |
| 40 | +++ elf/rtld.c 2004-08-03 22:15:51 -0400 |
| 41 | @@ -1762,6 +1762,30 @@ |
| 42 | GL(dl_profile_output) |
| 43 | = &"/var/tmp\0/var/profile"[INTUSE(__libc_enable_secure) ? 9 : 0]; |
| 44 | |
| 45 | + /* Extra security for SUID binaries. Remove all dangerous environment |
| 46 | + variables. */ |
| 47 | + if (__builtin_expect (INTUSE(__libc_enable_secure), 0)) |
| 48 | + { |
| 49 | + static const char unsecure_envvars[] = |
| 50 | +#ifdef EXTRA_UNSECURE_ENVVARS |
| 51 | + EXTRA_UNSECURE_ENVVARS |
| 52 | +#endif |
| 53 | + UNSECURE_ENVVARS; |
| 54 | + const char *nextp; |
| 55 | + |
| 56 | + nextp = unsecure_envvars; |
| 57 | + do |
| 58 | + { |
| 59 | + unsetenv (nextp); |
| 60 | + /* We could use rawmemchr but this need not be fast. */ |
| 61 | + nextp = (char *) (strchr) (nextp, '\0') + 1; |
| 62 | + } |
| 63 | + while (*nextp != '\0'); |
| 64 | + |
| 65 | + if (__access ("/etc/suid-debug", F_OK) != 0) |
| 66 | + unsetenv ("MALLOC_CHECK_"); |
| 67 | + } |
| 68 | + |
| 69 | while ((envline = _dl_next_ld_env_entry (&runp)) != NULL) |
| 70 | { |
| 71 | size_t len = 0; |
| 72 | @@ -1897,33 +1921,10 @@ |
| 73 | /* The caller wants this information. */ |
| 74 | *modep = mode; |
| 75 | |
| 76 | - /* Extra security for SUID binaries. Remove all dangerous environment |
| 77 | - variables. */ |
| 78 | - if (__builtin_expect (INTUSE(__libc_enable_secure), 0)) |
| 79 | - { |
| 80 | - static const char unsecure_envvars[] = |
| 81 | -#ifdef EXTRA_UNSECURE_ENVVARS |
| 82 | - EXTRA_UNSECURE_ENVVARS |
| 83 | -#endif |
| 84 | - UNSECURE_ENVVARS; |
| 85 | - const char *nextp; |
| 86 | - |
| 87 | - nextp = unsecure_envvars; |
| 88 | - do |
| 89 | - { |
| 90 | - unsetenv (nextp); |
| 91 | - /* We could use rawmemchr but this need not be fast. */ |
| 92 | - nextp = (char *) (strchr) (nextp, '\0') + 1; |
| 93 | - } |
| 94 | - while (*nextp != '\0'); |
| 95 | - |
| 96 | - if (__access ("/etc/suid-debug", F_OK) != 0) |
| 97 | - unsetenv ("MALLOC_CHECK_"); |
| 98 | - } |
| 99 | /* If we have to run the dynamic linker in debugging mode and the |
| 100 | LD_DEBUG_OUTPUT environment variable is given, we write the debug |
| 101 | messages to this file. */ |
| 102 | - else if (any_debug && debug_output != NULL) |
| 103 | + if (any_debug && debug_output != NULL) |
| 104 | { |
| 105 | #ifdef O_NOFOLLOW |
| 106 | const int flags = O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW; |
projects / packages / glibc.git / blame