]>
Commit | Line | Data |
---|---|---|
f9e70ac7 | 1 | --- malloc/malloc.c 2004-08-03 18:06:35 -0400 |
2 | +++ malloc/malloc.c 2004-08-03 18:08:53 -0400 | |
3 | @@ -311,6 +311,10 @@ | |
4 | #define assert(x) ((void)0) | |
5 | #endif | |
6 | ||
7 | +#include <abort-instr.h> | |
8 | +#ifndef ABORT_INSTRUCTION | |
9 | +#define ABORT_INSTRUCTION | |
10 | +#endif | |
11 | ||
12 | /* | |
13 | INTERNAL_SIZE_T is the word-size used for internal bookkeeping | |
14 | @@ -1951,6 +1955,13 @@ | |
15 | #define unlink(P, BK, FD) { \ | |
16 | FD = P->fd; \ | |
17 | BK = P->bk; \ | |
18 | + if (FD->bk != P || BK->fd != P) \ | |
19 | + { \ | |
20 | + ABORT_INSTRUCTION; \ | |
21 | + _exit(127); \ | |
22 | + while (1) \ | |
23 | + ABORT_INSTRUCTION; \ | |
24 | + } \ | |
25 | FD->bk = BK; \ | |
26 | BK->fd = FD; \ | |
27 | } | |
28 | --- sysdeps/generic/unsecvars.h 2004-08-03 18:13:13 -0400 | |
29 | +++ sysdeps/generic/unsecvars.h 2004-08-03 18:11:41 -0400 | |
30 | @@ -3,6 +3,8 @@ | |
31 | with a '\0' explicitly. */ | |
32 | #define UNSECURE_ENVVARS \ | |
33 | "LD_PRELOAD\0" \ | |
34 | + "LD_DEBUG\0" \ | |
35 | + "LD_TRACE_PRELINKING\0" \ | |
36 | "LD_LIBRARY_PATH\0" \ | |
37 | "LD_ORIGIN_PATH\0" \ | |
38 | "LD_DEBUG_OUTPUT\0" \ | |
39 | --- elf/rtld.c 2003-01-07 13:47:35 -0500 | |
40 | +++ elf/rtld.c 2004-08-03 22:15:51 -0400 | |
41 | @@ -1762,6 +1762,30 @@ | |
42 | GL(dl_profile_output) | |
43 | = &"/var/tmp\0/var/profile"[INTUSE(__libc_enable_secure) ? 9 : 0]; | |
44 | ||
45 | + /* Extra security for SUID binaries. Remove all dangerous environment | |
46 | + variables. */ | |
47 | + if (__builtin_expect (INTUSE(__libc_enable_secure), 0)) | |
48 | + { | |
49 | + static const char unsecure_envvars[] = | |
50 | +#ifdef EXTRA_UNSECURE_ENVVARS | |
51 | + EXTRA_UNSECURE_ENVVARS | |
52 | +#endif | |
53 | + UNSECURE_ENVVARS; | |
54 | + const char *nextp; | |
55 | + | |
56 | + nextp = unsecure_envvars; | |
57 | + do | |
58 | + { | |
59 | + unsetenv (nextp); | |
60 | + /* We could use rawmemchr but this need not be fast. */ | |
61 | + nextp = (char *) (strchr) (nextp, '\0') + 1; | |
62 | + } | |
63 | + while (*nextp != '\0'); | |
64 | + | |
65 | + if (__access ("/etc/suid-debug", F_OK) != 0) | |
66 | + unsetenv ("MALLOC_CHECK_"); | |
67 | + } | |
68 | + | |
69 | while ((envline = _dl_next_ld_env_entry (&runp)) != NULL) | |
70 | { | |
71 | size_t len = 0; | |
72 | @@ -1897,33 +1921,10 @@ | |
73 | /* The caller wants this information. */ | |
74 | *modep = mode; | |
75 | ||
76 | - /* Extra security for SUID binaries. Remove all dangerous environment | |
77 | - variables. */ | |
78 | - if (__builtin_expect (INTUSE(__libc_enable_secure), 0)) | |
79 | - { | |
80 | - static const char unsecure_envvars[] = | |
81 | -#ifdef EXTRA_UNSECURE_ENVVARS | |
82 | - EXTRA_UNSECURE_ENVVARS | |
83 | -#endif | |
84 | - UNSECURE_ENVVARS; | |
85 | - const char *nextp; | |
86 | - | |
87 | - nextp = unsecure_envvars; | |
88 | - do | |
89 | - { | |
90 | - unsetenv (nextp); | |
91 | - /* We could use rawmemchr but this need not be fast. */ | |
92 | - nextp = (char *) (strchr) (nextp, '\0') + 1; | |
93 | - } | |
94 | - while (*nextp != '\0'); | |
95 | - | |
96 | - if (__access ("/etc/suid-debug", F_OK) != 0) | |
97 | - unsetenv ("MALLOC_CHECK_"); | |
98 | - } | |
99 | /* If we have to run the dynamic linker in debugging mode and the | |
100 | LD_DEBUG_OUTPUT environment variable is given, we write the debug | |
101 | messages to this file. */ | |
102 | - else if (any_debug && debug_output != NULL) | |
103 | + if (any_debug && debug_output != NULL) | |
104 | { | |
105 | #ifdef O_NOFOLLOW | |
106 | const int flags = O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW; |