glibc-LD_DEBUG.patch

   1 --- malloc/malloc.c     2004-08-03 18:06:35 -0400
   2 +++ malloc/malloc.c     2004-08-03 18:08:53 -0400
   3 @@ -311,6 +311,10 @@
   4  #define assert(x) ((void)0)
   5  #endif
   6
   7 +#include <abort-instr.h>
   8 +#ifndef ABORT_INSTRUCTION
   9 +#define ABORT_INSTRUCTION
  10 +#endif
  11
  12  /*
  13    INTERNAL_SIZE_T is the word-size used for internal bookkeeping
  14 @@ -1951,6 +1955,13 @@
  15  #define unlink(P, BK, FD) {                                            \
  16    FD = P->fd;                                                          \
  17    BK = P->bk;                                                          \
  18 +  if (FD->bk != P || BK->fd != P)                                      \
  19 +  {                                                                    \
  20 +    ABORT_INSTRUCTION;                                                 \
  21 +    _exit(127);                                                        \
  22 +    while (1)                                                          \
  23 +      ABORT_INSTRUCTION;                                               \
  24 +  }                                                                    \
  25    FD->bk = BK;                                                         \
  26    BK->fd = FD;                                                         \
  27  }
  28 --- sysdeps/generic/unsecvars.h 2004-08-03 18:13:13 -0400
  29 +++ sysdeps/generic/unsecvars.h 2004-08-03 18:11:41 -0400
  30 @@ -3,6 +3,8 @@
  31     with a '\0' explicitly.  */
  32  #define UNSECURE_ENVVARS \
  33    "LD_PRELOAD\0"                                                             \
  34 +  "LD_DEBUG\0"                                                               \
  35 +  "LD_TRACE_PRELINKING\0"                                                            \
  36    "LD_LIBRARY_PATH\0"                                                        \
  37    "LD_ORIGIN_PATH\0"                                                         \
  38    "LD_DEBUG_OUTPUT\0"                                                        \
  39 --- elf/rtld.c  2003-01-07 13:47:35 -0500
  40 +++ elf/rtld.c  2004-08-03 22:15:51 -0400
  41 @@ -1762,6 +1762,30 @@
  42    GL(dl_profile_output)
  43      = &"/var/tmp\0/var/profile"[INTUSE(__libc_enable_secure) ? 9 : 0];
  44
  45 +  /* Extra security for SUID binaries.  Remove all dangerous environment
  46 +     variables.  */
  47 +  if (__builtin_expect (INTUSE(__libc_enable_secure), 0))
  48 +    {
  49 +      static const char unsecure_envvars[] =
  50 +#ifdef EXTRA_UNSECURE_ENVVARS
  51 +       EXTRA_UNSECURE_ENVVARS
  52 +#endif
  53 +       UNSECURE_ENVVARS;
  54 +      const char *nextp;
  55 +
  56 +      nextp = unsecure_envvars;
  57 +      do
  58 +       {
  59 +         unsetenv (nextp);
  60 +         /* We could use rawmemchr but this need not be fast.  */
  61 +         nextp = (char *) (strchr) (nextp, '\0') + 1;
  62 +       }
  63 +      while (*nextp != '\0');
  64 +
  65 +      if (__access ("/etc/suid-debug", F_OK) != 0)
  66 +       unsetenv ("MALLOC_CHECK_");
  67 +    }
  68 +
  69    while ((envline = _dl_next_ld_env_entry (&runp)) != NULL)
  70      {
  71        size_t len = 0;
  72 @@ -1897,33 +1921,10 @@
  73    /* The caller wants this information.  */
  74    *modep = mode;
  75
  76 -  /* Extra security for SUID binaries.  Remove all dangerous environment
  77 -     variables.  */
  78 -  if (__builtin_expect (INTUSE(__libc_enable_secure), 0))
  79 -    {
  80 -      static const char unsecure_envvars[] =
  81 -#ifdef EXTRA_UNSECURE_ENVVARS
  82 -       EXTRA_UNSECURE_ENVVARS
  83 -#endif
  84 -       UNSECURE_ENVVARS;
  85 -      const char *nextp;
  86 -
  87 -      nextp = unsecure_envvars;
  88 -      do
  89 -       {
  90 -         unsetenv (nextp);
  91 -         /* We could use rawmemchr but this need not be fast.  */
  92 -         nextp = (char *) (strchr) (nextp, '\0') + 1;
  93 -       }
  94 -      while (*nextp != '\0');
  95 -
  96 -      if (__access ("/etc/suid-debug", F_OK) != 0)
  97 -       unsetenv ("MALLOC_CHECK_");
  98 -    }
  99    /* If we have to run the dynamic linker in debugging mode and the
 100       LD_DEBUG_OUTPUT environment variable is given, we write the debug
 101       messages to this file.  */
 102 -  else if (any_debug && debug_output != NULL)
 103 +  if (any_debug && debug_output != NULL)
 104      {
 105  #ifdef O_NOFOLLOW
 106        const int flags = O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW;