|
Message-ID: <CAPLrYESPGdX7gLQ8BuHaZs74m+ihestzq7EeLPfoNUcJy25zFw@mail.gmail.com> Date: Fri, 28 Mar 2014 17:34:29 +0100 From: Daniel Cegiełka <daniel.cegielka@...il.com> To: musl@...ts.openwall.com Subject: Re: be able to break inheritance of LD_LIBRARY_PATH 2014-03-28 11:42 GMT+01:00 <u-igbb@...ey.se>: > > A naïve implementation might look as follows: > > --- src/ldso/dynlink.c.ori 2014-03-28 10:37:34.821317811 +0100 > +++ src/ldso/dynlink.c 2014-03-28 11:21:16.828047766 +0100 > @@ -962,6 +962,7 @@ > size_t vdso_base; > size_t *auxv; > char **envp = argv+argc+1; > + int forget_ld_library_path = 0; > > /* Find aux vector just past environ[] */ > for (i=argc+1; argv[i]; i++) > @@ -969,8 +970,19 @@ > env_path = argv[i]+16; > else if (!memcmp(argv[i], "LD_PRELOAD=", 11)) > env_preload = argv[i]+11; > + else if (!memcmp(argv[i], "FORGET_LD_LIBRARY_PATH=", 23)) > + forget_ld_library_path = 1; > auxv = (void *)(argv+i+1); > > + /* one _may_ wish to break the inheritance of LD_LIBRARY_PATH, > + * the hack below only works if the corresponding memory is writable > + * -- rl */ > + if (forget_ld_library_path) > + for (i=argc+1; argv[i]; i++) > + if (!memcmp(argv[i], "LD_LIBRARY_PATH=", 16) || > + !memcmp(argv[i], "FORGET_LD_LIBRARY_PATH=", 23)) > + argv[i][0] = 'X'; > + > decode_vec(auxv, aux, AUX_CNT); > > /* Only trust user/env if kernel says we're not suid/sgid */ > > > What do you think about this? Can this or something better be done? > I would love to be able to go with musl. Hi Rune, I don't understand why you expect that users wants this functionality. Is this raises the risk for SUID/SGID? /* Only trust user/env if kernel says we're not suid/sgid */ if ((aux[0]&0x7800)!=0x7800 || aux[AT_UID]!=aux[AT_EUID] || aux[AT_GID]!=aux[AT_EGID] || aux[AT_SECURE]) { env_path = 0; env_preload = 0; libc.secure = 1; } but where is hardering for forget_ld_library_path? Daniel > > Regards, > Rune >
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.