diff options
author | Ulrich Drepper <drepper@redhat.com> | 1998-07-08 22:53:56 +0000 |
---|---|---|
committer | Ulrich Drepper <drepper@redhat.com> | 1998-07-08 22:53:56 +0000 |
commit | 4bae55673314ecad6127cc156b1e5e5bb3c88b57 (patch) | |
tree | 0852b2d8bcf4eaf45fad45bac6ae5d51955dbad9 /elf/rtld.c | |
parent | a3d6fb9b428a51048b31eacd6fe7fad7095ccfd5 (diff) | |
download | glibc-4bae55673314ecad6127cc156b1e5e5bb3c88b57.tar.gz |
Update.
1998-07-08 22:18 Ulrich Drepper <drepper@cygnus.com>
* elf/Versions: Add _dl_mcount_wrapper_check.
* elf/dlfcn.h (DL_CALL_FCT): Don't test _dl_profile_map, simply use
_dl_mcount_wrapper_check.
* iconv/skeleton.c: Use DL_CALL_FCT, not _CALL_DL_FCT.
* elf/dl-reloc.c (_dl_relocate_object): Don't declare using
internal_function.
* elf/ldsodefs.h: Likewise.
* io/fcntl.h: Define SEEK_SET, SEEK_CUR, and SEEK_END.
* libio/stdio.h: Make sure va_list is defined for X/Open.
Define P_tmpdir for X/Open.
* posix/regex.h: Fix typo.
* posix/unistd.h: Define intptr_t if not already happened.
Add pthread_atfork prototype.
* sysdeps/generic/bits/types.h: Define __intptr_t.
* sysdeps/unix/sysv/linux/alpha/bits/types.h: Likewise.
* sysdeps/unix/sysv/linux/bits/types.h: Likewise.
* sysdeps/unix/sysv/linux/bits/mips/types.h: Likewise.
* sysdeps/unix/sysv/linux/bits/sparc/sparc64/types.h: Likewise.
* sysdeps/unix/sysv/sysv4/solaris2/bits/types.h: Likewise.
* sysdeps/wordsize-32/stdint.h: Don't define intptr_t if already done.
* sysdeps/wordsize-64/stdint.h: Likewise.
* posix/bits/posix1_lim.h: Define _POSIX_CLOCKRES_MIN.
* signal/Makefile (headers): Add bits/sigthread.h.
* signal/signal.h: Include bits/sigthread.h.
* sysdeps/generic/bits/sigthread.h: New file.
* stdlib/stdlib.h: Declare rand_r use __USE_POSIX.
* sysdeps/generic/bits/confname.h: Define _PC_FILESIZEBITS.
* sysdeps/posix/pathconf.c: Handle _PC_FILESIZEBITS.
* sysdeps/unix/sysv/linux/alpha/fpathconf.c: New file.
* sysdeps/unix/sysv/linux/alpha/pathconf.c: New file.
* sysdeps/generic/bits/dlfcn.h: Define RTLD_LOCAL.
* elf/rtld.c: Remove preloading and loadpath variables in SUID
programs.
* sysdeps/generic/dl-sysdep.c: Define unsetenv.
* sysdeps/unix/sysv/linux/i386/dl-librecon.h: Define other envvar
names.
* sysdeps/unix/sysv/linux/bits/errno.h: Define ECANCELED.
* sysdeps/unix/sysv/linux/bits/fcntl.h: Define O_RSYNC and O_DSYNC.
Remove O_READ and O_WRITE definition.
* sysdeps/unix/sysv/linux/bits/resource.h: Define RLIM_SAVED_MAX
and RLIM_SAVED_CUR.
* sysdeps/unix/sysv/linux/fstatvfs.h: Handle UFS filesystem.
1998-07-06 Andreas Schwab <schwab@issan.informatik.uni-dortmund.de>
* Makerules ($(common-objpfx)sysd-versions): Expect awk script in
scripts directory. Pass move-if-change to awk.
(common-generated): Add $(version-maps) and sysd-versions.
* versions.awk: Moved to...
* scripts/versions.awk: ... here. Use move-if-change to void
touching unchanged files. Print "version-maps = ..." instead of
"all-version-maps = ..." and without $(common-objpfx). Explain
expected variable names.
* Makefile (distribute): Updated.
1998-07-06 Andreas Schwab <schwab@issan.informatik.uni-dortmund.de>
* misc/getttyent.c (getttyent): Don't return with locked stream.
* misc/mntent_r.c (__getmntent_r): Likewise.
1998-07-07 18:24 Ulrich Drepper <drepper@cygnus.com>
* libio/fileops.c (_IO_do_write): Don't shrink wwrite buffer to zero
if stream is line buffered.
(_io_file_overflow): Likewise.
* libio/libio.h (_IO_putc_unlocked): Make sure that for line-buffered
streams writing '\n' flushes the string.
Diffstat (limited to 'elf/rtld.c')
-rw-r--r-- | elf/rtld.c | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/elf/rtld.c b/elf/rtld.c index df5db230f4..f1b612166d 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -1193,6 +1193,29 @@ process_envvars (enum mode *modep, int *lazyp) } } + /* Extra security for SUID binaries. Remove all dangerous environment + variables. */ + if (__libc_enable_secure) + { + static const char *unsecure_envvars[] = + { +#ifdef EXTRA_UNSECURE_ENVVARS + EXTRA_UNSECURE_ENVVARS +#endif + }; + size_t cnt; + + if (preloadlist != NULL) + unsetenv ("LD_PRELOAD"); + if (library_path != NULL) + unsetenv ("LD_LIBRARY_PATH"); + + for (cnt = 0; + cnt < sizeof (unsecure_envvars) / sizeof (unsecure_envvars[0]); + ++cnt) + unsetenv (unsecure_envvars[cnt]); + } + /* If we have to run the dynamic linker in debugging mode and the LD_DEBUG_OUTPUT environment variable is given, we write the debug messages to this file. */ |