Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Matthias Maier (tamiko)" <tamiko@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in src/patchsets/glibc/2.24: 00_all_0049-rtld-Completely-ignore-LD_LIBRARY_PATH-for-AT_SECURE.patch 00_all_0050-rtld-Reject-overly-long-LD_AUDIT-path-elements.patch 00_all_0051-rtld-Reject-overly-long-LD_PRELOAD-path-elements.patch 00_all_0052-Add-IS_IN-guard-to-multiarch-IFUNC-implementations.patch 00_all_0053-Ignore-and-remove-LD_HWCAP_MASK-for-AT_SECURE-progra.patch README.history
Date: Mon, 19 Jun 2017 16:45:14
Message-Id: 20170619164510.3A1A87481@oystercatcher.gentoo.org
1 tamiko 17/06/19 16:45:10
2
3 Modified: README.history
4 Added:
5 00_all_0049-rtld-Completely-ignore-LD_LIBRARY_PATH-for-AT_SECURE.patch
6 00_all_0050-rtld-Reject-overly-long-LD_AUDIT-path-elements.patch
7 00_all_0051-rtld-Reject-overly-long-LD_PRELOAD-path-elements.patch
8 00_all_0052-Add-IS_IN-guard-to-multiarch-IFUNC-implementations.patch
9 00_all_0053-Ignore-and-remove-LD_HWCAP_MASK-for-AT_SECURE-progra.patch
10 Log:
11 glibc-2.24: update to patchset 8
12
13 Revision Changes Path
14 1.8 src/patchsets/glibc/2.24/README.history
15
16 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.24/README.history?rev=1.8&view=markup
17 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.24/README.history?rev=1.8&content-type=text/plain
18 diff : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.24/README.history?r1=1.7&r2=1.8
19
20 Index: README.history
21 ===================================================================
22 RCS file: /var/cvsroot/gentoo/src/patchsets/glibc/2.24/README.history,v
23 retrieving revision 1.7
24 retrieving revision 1.8
25 diff -u -r1.7 -r1.8
26 --- README.history 14 Jun 2017 22:28:44 -0000 1.7
27 +++ README.history 19 Jun 2017 16:45:10 -0000 1.8
28 @@ -1,3 +1,10 @@
29 +8 15 June 2017
30 + + 00_all_0049-rtld-Completely-ignore-LD_LIBRARY_PATH-for-AT_SECURE.patch
31 + + 00_all_0050-rtld-Reject-overly-long-LD_AUDIT-path-elements.patch
32 + + 00_all_0051-rtld-Reject-overly-long-LD_PRELOAD-path-elements.patch
33 + + 00_all_0052-Add-IS_IN-guard-to-multiarch-IFUNC-implementations.patch
34 + + 00_all_0053-Ignore-and-remove-LD_HWCAP_MASK-for-AT_SECURE-progra.patch
35 +
36 7 15 June 2017
37 + 00_all_0047-posix_spawn-use-a-larger-min-stack-for-fstack-check-.patch
38 + 00_all_0048-sh-Fix-building-with-gcc5-6.patch
39
40
41
42 1.1 src/patchsets/glibc/2.24/00_all_0049-rtld-Completely-ignore-LD_LIBRARY_PATH-for-AT_SECURE.patch
43
44 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.24/00_all_0049-rtld-Completely-ignore-LD_LIBRARY_PATH-for-AT_SECURE.patch?rev=1.1&view=markup
45 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.24/00_all_0049-rtld-Completely-ignore-LD_LIBRARY_PATH-for-AT_SECURE.patch?rev=1.1&content-type=text/plain
46
47 Index: 00_all_0049-rtld-Completely-ignore-LD_LIBRARY_PATH-for-AT_SECURE.patch
48 ===================================================================
49 From 4d009d39ac9ede0369e268554a181b428f177a80 Mon Sep 17 00:00:00 2001
50 Message-Id: <4d009d39ac9ede0369e268554a181b428f177a80.1495998948.git.fweimer@××××××.com>
51 In-Reply-To: <cover.1495998948.git.fweimer@××××××.com>
52 References: <cover.1495998948.git.fweimer@××××××.com>
53 From: Florian Weimer <fweimer@××××××.com>
54 Date: Sun, 28 May 2017 20:37:40 +0200
55 Subject: [PATCH 1/3] rtld: Completely ignore LD_LIBRARY_PATH for AT_SECURE=1
56 programs
57 To: libc-alpha@××××××××××.org
58
59 LD_LIBRARY_PATH can only be used to reorder system search paths, which
60 is not useful functionality.
61 ---
62 elf/rtld.c | 3 ++-
63 1 file changed, 2 insertions(+), 1 deletion(-)
64
65 diff --git a/elf/rtld.c b/elf/rtld.c
66 index 319ef06..824b6cf 100644
67 --- a/elf/rtld.c
68 +++ b/elf/rtld.c
69 @@ -2419,7 +2419,8 @@ process_envvars (enum mode *modep)
70
71 case 12:
72 /* The library search path. */
73 - if (memcmp (envline, "LIBRARY_PATH", 12) == 0)
74 + if (!__libc_enable_secure
75 + && memcmp (envline, "LIBRARY_PATH", 12) == 0)
76 {
77 library_path = &envline[13];
78 break;
79 --
80 2.9.4
81
82
83
84
85 1.1 src/patchsets/glibc/2.24/00_all_0050-rtld-Reject-overly-long-LD_AUDIT-path-elements.patch
86
87 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.24/00_all_0050-rtld-Reject-overly-long-LD_AUDIT-path-elements.patch?rev=1.1&view=markup
88 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.24/00_all_0050-rtld-Reject-overly-long-LD_AUDIT-path-elements.patch?rev=1.1&content-type=text/plain
89
90 Index: 00_all_0050-rtld-Reject-overly-long-LD_AUDIT-path-elements.patch
91 ===================================================================
92 From ba67ba3275d47e0080f0e5f09d9f5102c000c97e Mon Sep 17 00:00:00 2001
93 Message-Id: <ba67ba3275d47e0080f0e5f09d9f5102c000c97e.1495998948.git.fweimer@××××××.com>
94 In-Reply-To: <cover.1495998948.git.fweimer@××××××.com>
95 References: <cover.1495998948.git.fweimer@××××××.com>
96 From: Florian Weimer <fweimer@××××××.com>
97 Date: Sun, 28 May 2017 20:44:52 +0200
98 Subject: [PATCH 3/3] rtld: Reject overly long LD_AUDIT path elements
99 To: libc-alpha@××××××××××.org
100
101 Also only process the last LD_AUDIT entry.
102 ---
103 elf/rtld.c | 110 ++++++++++++++++++++++++++++++++++++++++++++++++++++---------
104 1 file changed, 95 insertions(+), 15 deletions(-)
105
106 diff --git a/elf/rtld.c b/elf/rtld.c
107 index 215a9ae..511c6bf 100644
108 --- a/elf/rtld.c
109 +++ b/elf/rtld.c
110 @@ -100,13 +100,91 @@ strong_alias (__pointer_chk_guard_local, __pointer_chk_guard)
111 #endif
112
113
114 -/* List of auditing DSOs. */
115 +/* LD_AUDIT variable contents. Must be processed before the
116 + audit_list below. */
117 +const char *audit_list_string;
118 +
119 +/* Cyclic list of auditing DSOs. audit_list->next is the first
120 + element. */
121 static struct audit_list
122 {
123 const char *name;
124 struct audit_list *next;
125 } *audit_list;
126
127 +/* Iterator for audit_list_string followed by audit_list. */
128 +struct audit_list_iter
129 +{
130 + /* Tail of audit_list_string still needing processing, or NULL. */
131 + const char *audit_list_tail;
132 +
133 + /* The list element returned in the previous iteration. NULL before
134 + the first element. */
135 + struct audit_list *previous;
136 +
137 + /* Scratch buffer for returning a name which is part of
138 + audit_list_string. */
139 + char fname[PATH_MAX];
140 +};
141 +
142 +/* Initialize an audit list iterator. */
143 +static void
144 +audit_list_iter_init (struct audit_list_iter *iter)
145 +{
146 + iter->audit_list_tail = audit_list_string;
147 + iter->previous = NULL;
148 +}
149 +
150 +/* Iterate through both audit_list_string and audit_list. */
151 +static const char *
152 +audit_list_iter_next (struct audit_list_iter *iter)
153 +{
154 + if (iter->audit_list_tail != NULL)
155 + {
156 + /* First iterate over audit_list_string. */
157 + while (*iter->audit_list_tail != '\0')
158 + {
159 + /* Split audit list at colon. */
160 + size_t len = strcspn (iter->audit_list_tail, ":");
161 + if (len > 0 && len < PATH_MAX)
162 + {
163 + memcpy (iter->fname, iter->audit_list_tail, len);
164 + iter->fname[len] = '\0';
165 + }
166 + else
167 + /* Do not return this name to the caller. */
168 + iter->fname[0] = '\0';
169 +
170 + /* Skip over the substring and the following delimiter. */
171 + iter->audit_list_tail += len;
172 + if (*iter->audit_list_tail == ':')
173 + ++iter->audit_list_tail;
174 +
175 + /* If the name is valid, return it. */
176 + if (dso_name_valid_for_suid (iter->fname))
177 + return iter->fname;
178 + /* Otherwise, wrap around and try the next name. */
179 + }
180 + /* Fall through to the procesing of audit_list. */
181 + }
182 +
183 + if (iter->previous == NULL)
184 + {
185 + if (audit_list == NULL)
186 + /* No pre-parsed audit list. */
187 + return NULL;
188 + /* Start of audit list. The first list element is at
189 + audit_list->next (cyclic list). */
190 + iter->previous = audit_list->next;
191 + return iter->previous->name;
192 + }
193 + if (iter->previous == audit_list)
194 + /* Cyclic list wrap-around. */
195 + return NULL;
196 + iter->previous = iter->previous->next;
197 + return iter->previous->name;
198 +}
199 +
200 #ifndef HAVE_INLINED_SYSCALLS
201 /* Set nonzero during loading and initialization of executable and
202 libraries, cleared before the executable's entry point runs. This
203 @@ -1257,11 +1335,13 @@ of this helper program; chances are you did not intend to run this program.\n\
204 GL(dl_rtld_map).l_tls_modid = _dl_next_tls_modid ();
205
206 /* If we have auditing DSOs to load, do it now. */
207 - if (__glibc_unlikely (audit_list != NULL))
208 + bool need_security_init = true;
209 + if (__glibc_unlikely (audit_list != NULL)
210 + || __glibc_unlikely (audit_list_string != NULL))
211 {
212 - /* Iterate over all entries in the list. The order is important. */
213 struct audit_ifaces *last_audit = NULL;
214 - struct audit_list *al = audit_list->next;
215 + struct audit_list_iter al_iter;
216 + audit_list_iter_init (&al_iter);
217
218 /* Since we start using the auditing DSOs right away we need to
219 initialize the data structures now. */
220 @@ -1272,9 +1352,14 @@ of this helper program; chances are you did not intend to run this program.\n\
221 use different values (especially the pointer guard) and will
222 fail later on. */
223 security_init ();
224 + need_security_init = false;
225
226 - do
227 + while (true)
228 {
229 + const char *name = audit_list_iter_next (&al_iter);
230 + if (name == NULL)
231 + break;
232 +
233 int tls_idx = GL(dl_tls_max_dtv_idx);
234
235 /* Now it is time to determine the layout of the static TLS
236 @@ -1283,7 +1368,7 @@ of this helper program; chances are you did not intend to run this program.\n\
237 no DF_STATIC_TLS bit is set. The reason is that we know
238 glibc will use the static model. */
239 struct dlmopen_args dlmargs;
240 - dlmargs.fname = al->name;
241 + dlmargs.fname = name;
242 dlmargs.map = NULL;
243
244 const char *objname;
245 @@ -1296,7 +1381,7 @@ of this helper program; chances are you did not intend to run this program.\n\
246 not_loaded:
247 _dl_error_printf ("\
248 ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
249 - al->name, err_str);
250 + name, err_str);
251 if (malloced)
252 free ((char *) err_str);
253 }
254 @@ -1400,10 +1485,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
255 goto not_loaded;
256 }
257 }
258 -
259 - al = al->next;
260 }
261 - while (al != audit_list->next);
262
263 /* If we have any auditing modules, announce that we already
264 have two objects loaded. */
265 @@ -1682,7 +1764,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
266 if (tcbp == NULL)
267 tcbp = init_tls ();
268
269 - if (__glibc_likely (audit_list == NULL))
270 + if (__glibc_likely (need_security_init))
271 /* Initialize security features. But only if we have not done it
272 earlier. */
273 security_init ();
274 @@ -2313,9 +2395,7 @@ process_dl_audit (char *str)
275 char *p;
276
277 while ((p = (strsep) (&str, ":")) != NULL)
278 - if (p[0] != '\0'
279 - && (__builtin_expect (! __libc_enable_secure, 1)
280 - || strchr (p, '/') == NULL))
281 + if (dso_name_valid_for_suid (p))
282 {
283 /* This is using the local malloc, not the system malloc. The
284 memory can never be freed. */
285 @@ -2379,7 +2459,7 @@ process_envvars (enum mode *modep)
286 break;
287 }
288 if (memcmp (envline, "AUDIT", 5) == 0)
289 - process_dl_audit (&envline[6]);
290 + audit_list_string = &envline[6];
291 break;
292
293 case 7:
294
295
296
297 1.1 src/patchsets/glibc/2.24/00_all_0051-rtld-Reject-overly-long-LD_PRELOAD-path-elements.patch
298
299 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.24/00_all_0051-rtld-Reject-overly-long-LD_PRELOAD-path-elements.patch?rev=1.1&view=markup
300 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.24/00_all_0051-rtld-Reject-overly-long-LD_PRELOAD-path-elements.patch?rev=1.1&content-type=text/plain
301
302 Index: 00_all_0051-rtld-Reject-overly-long-LD_PRELOAD-path-elements.patch
303 ===================================================================
304 From 65ff0b7a085b85271ec8fde99f542281b495e3bc Mon Sep 17 00:00:00 2001
305 Message-Id: <65ff0b7a085b85271ec8fde99f542281b495e3bc.1495998948.git.fweimer@××××××.com>
306 In-Reply-To: <cover.1495998948.git.fweimer@××××××.com>
307 References: <cover.1495998948.git.fweimer@××××××.com>
308 From: Florian Weimer <fweimer@××××××.com>
309 Date: Sun, 28 May 2017 20:57:40 +0200
310 Subject: [PATCH 2/3] rtld: Reject overly long LD_PRELOAD path elements
311 To: libc-alpha@××××××××××.org
312
313 ---
314 elf/rtld.c | 69 +++++++++++++++++++++++++++++++++++++++++++++++---------------
315 1 file changed, 53 insertions(+), 16 deletions(-)
316
317 diff --git a/elf/rtld.c b/elf/rtld.c
318 index 68b32df..a5ebb60 100644
319 --- a/elf/rtld.c
320 +++ b/elf/rtld.c
321 @@ -99,6 +99,22 @@ uintptr_t __pointer_chk_guard_local
322 strong_alias (__pointer_chk_guard_local, __pointer_chk_guard)
323 #endif
324
325 +/* Check that AT_SECURE=0, or that the passed name does not contain
326 + directories and is not overly long. Reject empty names
327 + unconditionally. */
328 +static bool
329 +dso_name_valid_for_suid (const char *p)
330 +{
331 + if (__glibc_unlikely (__libc_enable_secure))
332 + {
333 + /* Ignore pathnames with directories for AT_SECURE=1
334 + programs, and also skip overlong names. */
335 + size_t len = strlen (p);
336 + if (len >= NAME_MAX || memchr (p, '/', len) != NULL)
337 + return false;
338 + }
339 + return *p != '\0';
340 +}
341
342 /* LD_AUDIT variable contents. Must be processed before the
343 audit_list below. */
344 @@ -808,6 +824,42 @@ static const char *preloadlist attribute_relro;
345 /* Nonzero if information about versions has to be printed. */
346 static int version_info attribute_relro;
347
348 +/* The LD_PRELOAD environment variable gives list of libraries
349 + separated by white space or colons that are loaded before the
350 + executable's dependencies and prepended to the global scope list.
351 + (If the binary is running setuid all elements containing a '/' are
352 + ignored since it is insecure.) Return the number of preloads
353 + performed. */
354 +unsigned int
355 +handle_ld_preload (const char *preloadlist, struct link_map *main_map)
356 +{
357 + unsigned int npreloads = 0;
358 + const char *p = preloadlist;
359 + char fname[PATH_MAX];
360 +
361 + while (*p != '\0')
362 + {
363 + /* Split preload list at space/colon. */
364 + size_t len = strcspn (p, " :");
365 + if (len > 0 && len < PATH_MAX)
366 + {
367 + memcpy (fname, p, len);
368 + fname[len] = '\0';
369 + }
370 + else
371 + fname[0] = '\0';
372 +
373 + /* Skip over the substring and the following delimiter. */
374 + p += len;
375 + if (*p == ' ' || *p == ':')
376 + ++p;
377 +
378 + if (dso_name_valid_for_suid (fname))
379 + npreloads += do_preload (fname, main_map, "LD_PRELOAD");
380 + }
381 + return npreloads;
382 +}
383 +
384 static void
385 dl_main (const ElfW(Phdr) *phdr,
386 ElfW(Word) phnum,
387 @@ -1563,23 +1615,8 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
388
389 if (__glibc_unlikely (preloadlist != NULL))
390 {
391 - /* The LD_PRELOAD environment variable gives list of libraries
392 - separated by white space or colons that are loaded before the
393 - executable's dependencies and prepended to the global scope
394 - list. If the binary is running setuid all elements
395 - containing a '/' are ignored since it is insecure. */
396 - char *list = strdupa (preloadlist);
397 - char *p;
398 -
399 HP_TIMING_NOW (start);
400 -
401 - /* Prevent optimizing strsep. Speed is not important here. */
402 - while ((p = (strsep) (&list, " :")) != NULL)
403 - if (p[0] != '\0'
404 - && (__builtin_expect (! __libc_enable_secure, 1)
405 - || strchr (p, '/') == NULL))
406 - npreloads += do_preload (p, main_map, "LD_PRELOAD");
407 -
408 + npreloads += handle_ld_preload (preloadlist, main_map);
409 HP_TIMING_NOW (stop);
410 HP_TIMING_DIFF (diff, start, stop);
411 HP_TIMING_ACCUM_NT (load_time, diff);
412
413
414
415 1.1 src/patchsets/glibc/2.24/00_all_0052-Add-IS_IN-guard-to-multiarch-IFUNC-implementations.patch
416
417 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.24/00_all_0052-Add-IS_IN-guard-to-multiarch-IFUNC-implementations.patch?rev=1.1&view=markup
418 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.24/00_all_0052-Add-IS_IN-guard-to-multiarch-IFUNC-implementations.patch?rev=1.1&content-type=text/plain
419
420 Index: 00_all_0052-Add-IS_IN-guard-to-multiarch-IFUNC-implementations.patch
421 ===================================================================
422 From 862ee76acbf83a2d785809734b02c1929c4a0859 Mon Sep 17 00:00:00 2001
423 From: Matthias Maier <tamiko@××××.org>
424 Date: Wed, 14 Jun 2017 03:22:11 -0500
425 Subject: [PATCH] Add IS_IN guard to multiarch/IFUNC implementations
426
427 The two preceding rtld patches add the first reference to strcspn to
428 ld.so, which pulls in the multiarch/IFUNC implementations because the
429 files in question lack an IS_IN (libc) guard (which essentially disables
430 IFUNCs in ld.so).
431
432 Patch by Florian Weimer <fweimer@××××××.com>
433 ---
434 sysdeps/i386/i686/multiarch/strcspn-c.c | 6 ++++--
435 sysdeps/i386/i686/multiarch/varshift.c | 4 +++-
436 2 files changed, 7 insertions(+), 3 deletions(-)
437
438 diff --git a/sysdeps/i386/i686/multiarch/strcspn-c.c b/sysdeps/i386/i686/multiarch/strcspn-c.c
439 index 6d61e19..ec230fb 100644
440 --- a/sysdeps/i386/i686/multiarch/strcspn-c.c
441 +++ b/sysdeps/i386/i686/multiarch/strcspn-c.c
442 @@ -1,2 +1,4 @@
443 -#define __strcspn_sse2 __strcspn_ia32
444 -#include <sysdeps/x86_64/multiarch/strcspn-c.c>
445 +#if IS_IN (libc)
446 +# define __strcspn_sse2 __strcspn_ia32
447 +# include <sysdeps/x86_64/multiarch/strcspn-c.c>
448 +#endif
449 diff --git a/sysdeps/i386/i686/multiarch/varshift.c b/sysdeps/i386/i686/multiarch/varshift.c
450 index 7760b96..6742a35 100644
451 --- a/sysdeps/i386/i686/multiarch/varshift.c
452 +++ b/sysdeps/i386/i686/multiarch/varshift.c
453 @@ -1 +1,3 @@
454 -#include <sysdeps/x86_64/multiarch/varshift.c>
455 +#if IS_IN (libc)
456 +# include <sysdeps/x86_64/multiarch/varshift.c>
457 +#endif
458 --
459 2.13.0
460
461
462
463
464 1.1 src/patchsets/glibc/2.24/00_all_0053-Ignore-and-remove-LD_HWCAP_MASK-for-AT_SECURE-progra.patch
465
466 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.24/00_all_0053-Ignore-and-remove-LD_HWCAP_MASK-for-AT_SECURE-progra.patch?rev=1.1&view=markup
467 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.24/00_all_0053-Ignore-and-remove-LD_HWCAP_MASK-for-AT_SECURE-progra.patch?rev=1.1&content-type=text/plain
468
469 Index: 00_all_0053-Ignore-and-remove-LD_HWCAP_MASK-for-AT_SECURE-progra.patch
470 ===================================================================
471 From 1c1243b6fc33c029488add276e56570a07803bfd Mon Sep 17 00:00:00 2001
472 From: Siddhesh Poyarekar <siddhesh@××××××××××.org>
473 Date: Tue, 7 Mar 2017 20:52:04 +0530
474 Subject: [PATCH] Ignore and remove LD_HWCAP_MASK for AT_SECURE programs (bug
475 #21209)
476
477 The LD_HWCAP_MASK environment variable may alter the selection of
478 function variants for some architectures. For AT_SECURE process it
479 means that if an outdated routine has a bug that would otherwise not
480 affect newer platforms by default, LD_HWCAP_MASK will allow that bug
481 to be exploited.
482
483 To be on the safe side, ignore and disable LD_HWCAP_MASK for setuid
484 binaries.
485
486 [BZ #21209]
487 * elf/rtld.c (process_envvars): Ignore LD_HWCAP_MASK for
488 AT_SECURE processes.
489 * sysdeps/generic/unsecvars.h: Add LD_HWCAP_MASK.
490 * elf/tst-env-setuid.c (test_parent): Test LD_HWCAP_MASK.
491 (test_child): Likewise.
492 * elf/Makefile (tst-env-setuid-ENV): Add LD_HWCAP_MASK.
493 ---
494 ChangeLog | 10 ++++++++++
495 elf/Makefile | 3 ++-
496 elf/rtld.c | 3 ++-
497 elf/tst-env-setuid.c | 12 ++++++++++++
498 sysdeps/generic/unsecvars.h | 1 +
499 5 files changed, 27 insertions(+), 2 deletions(-)
500
501 diff --git a/elf/rtld.c b/elf/rtld.c
502 index a036ece956..5986eaf4a1 100644
503 --- a/elf/rtld.c
504 +++ b/elf/rtld.c
505 @@ -2404,7 +2404,8 @@ process_envvars (enum mode *modep)
506
507 case 10:
508 /* Mask for the important hardware capabilities. */
509 - if (memcmp (envline, "HWCAP_MASK", 10) == 0)
510 + if (!__libc_enable_secure
511 + && memcmp (envline, "HWCAP_MASK", 10) == 0)
512 GLRO(dl_hwcap_mask) = __strtoul_internal (&envline[11], NULL,
513 0, 0);
514 break;
515 diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h
516 index a74083786e..5ea8a4a259 100644
517 --- a/sysdeps/generic/unsecvars.h
518 +++ b/sysdeps/generic/unsecvars.h
519 @@ -16,6 +16,7 @@
520 "LD_DEBUG\0" \
521 "LD_DEBUG_OUTPUT\0" \
522 "LD_DYNAMIC_WEAK\0" \
523 + "LD_HWCAP_MASK\0" \
524 "LD_LIBRARY_PATH\0" \
525 "LD_ORIGIN_PATH\0" \
526 "LD_PRELOAD\0" \
527 --
528 2.13.0
Report Message
Find on MARC Find on Google Groups