diff mbox series

[v2,17/19] elf: Add comments on how LD_AUDIT and LD_PRELOAD handle __libc_enable_secure

Message ID 20231017130526.2216827-18-adhemerval.zanella@linaro.org
State Superseded
Delegated to: Siddhesh Poyarekar
Headers
Series Improve loader environment variable handling |

Checks

Context Check Description
redhat-pt-bot/TryBot-apply_patch success Patch applied to master at the time it was sent
linaro-tcwg-bot/tcwg_glibc_build--master-arm success Testing passed
linaro-tcwg-bot/tcwg_glibc_build--master-aarch64 success Testing passed
linaro-tcwg-bot/tcwg_glibc_check--master-arm success Testing passed
linaro-tcwg-bot/tcwg_glibc_check--master-aarch64 success Testing passed

Commit Message

Adhemerval Zanella Netto Oct. 17, 2023, 1:05 p.m. UTC 
  To make explicit why __libc_enable_secure is not checked.
---
 elf/rtld.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

Comments

Siddhesh Poyarekar Oct. 27, 2023, 2:31 p.m. UTC | #1 
On 2023-10-17 09:05, Adhemerval Zanella wrote:
> To make explicit why __libc_enable_secure is not checked.
> ---

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

>   elf/rtld.c | 9 ++++++++-
>   1 file changed, 8 insertions(+), 1 deletion(-)
> 
> diff --git a/elf/rtld.c b/elf/rtld.c
> index 638b019670..d1017ba9e9 100644
> --- a/elf/rtld.c
> +++ b/elf/rtld.c
> @@ -2563,6 +2563,10 @@ process_envvars (struct dl_main_state *state)
>   	      process_dl_debug (state, &envline[6]);
>   	      break;
>   	    }
> +	  /* For __libc_enable_secure mode, audit pathnames containing slashes
> +	     are ignored.  Also, shared audit objects are only loaded only from
> +	     the standard search directories and only if they have set-user-ID
> +	     mode bit enabled.  */
>   	  if (memcmp (envline, "AUDIT", 5) == 0)
>   	    audit_list_add_string (&state->audit_list, &envline[6]);
>   	  break;
> @@ -2576,7 +2580,10 @@ process_envvars (struct dl_main_state *state)
>   	      break;
>   	    }
>   
> -	  /* List of objects to be preloaded.  */
> +	  /* For __libc_enable_secure mode, preload pathnames containing slashes
> +	     are ignored.  Also, shared objects are only preloaded from the
> +	     standard search directories and only if they have set-user-ID mode
> +	     bit enabled.  */
>   	  if (memcmp (envline, "PRELOAD", 7) == 0)
>   	    {
>   	      state->preloadlist = &envline[8];
diff mbox series

Patch

diff --git a/elf/rtld.c b/elf/rtld.c
index 638b019670..d1017ba9e9 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -2563,6 +2563,10 @@  process_envvars (struct dl_main_state *state)
 	      process_dl_debug (state, &envline[6]);
 	      break;
 	    }
+	  /* For __libc_enable_secure mode, audit pathnames containing slashes
+	     are ignored.  Also, shared audit objects are only loaded only from
+	     the standard search directories and only if they have set-user-ID
+	     mode bit enabled.  */
 	  if (memcmp (envline, "AUDIT", 5) == 0)
 	    audit_list_add_string (&state->audit_list, &envline[6]);
 	  break;
@@ -2576,7 +2580,10 @@  process_envvars (struct dl_main_state *state)
 	      break;
 	    }
 
-	  /* List of objects to be preloaded.  */
+	  /* For __libc_enable_secure mode, preload pathnames containing slashes
+	     are ignored.  Also, shared objects are only preloaded from the
+	     standard search directories and only if they have set-user-ID mode
+	     bit enabled.  */
 	  if (memcmp (envline, "PRELOAD", 7) == 0)
 	    {
 	      state->preloadlist = &envline[8];