[v2,17/19] elf: Add comments on how LD_AUDIT and LD_PRELOAD handle __libc_enable_secure
Checks
Context |
Check |
Description |
redhat-pt-bot/TryBot-apply_patch |
success
|
Patch applied to master at the time it was sent
|
linaro-tcwg-bot/tcwg_glibc_build--master-arm |
success
|
Testing passed
|
linaro-tcwg-bot/tcwg_glibc_build--master-aarch64 |
success
|
Testing passed
|
linaro-tcwg-bot/tcwg_glibc_check--master-arm |
success
|
Testing passed
|
linaro-tcwg-bot/tcwg_glibc_check--master-aarch64 |
success
|
Testing passed
|
Commit Message
To make explicit why __libc_enable_secure is not checked.
---
elf/rtld.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
Comments
On 2023-10-17 09:05, Adhemerval Zanella wrote:
> To make explicit why __libc_enable_secure is not checked.
> ---
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
> elf/rtld.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/elf/rtld.c b/elf/rtld.c
> index 638b019670..d1017ba9e9 100644
> --- a/elf/rtld.c
> +++ b/elf/rtld.c
> @@ -2563,6 +2563,10 @@ process_envvars (struct dl_main_state *state)
> process_dl_debug (state, &envline[6]);
> break;
> }
> + /* For __libc_enable_secure mode, audit pathnames containing slashes
> + are ignored. Also, shared audit objects are only loaded only from
> + the standard search directories and only if they have set-user-ID
> + mode bit enabled. */
> if (memcmp (envline, "AUDIT", 5) == 0)
> audit_list_add_string (&state->audit_list, &envline[6]);
> break;
> @@ -2576,7 +2580,10 @@ process_envvars (struct dl_main_state *state)
> break;
> }
>
> - /* List of objects to be preloaded. */
> + /* For __libc_enable_secure mode, preload pathnames containing slashes
> + are ignored. Also, shared objects are only preloaded from the
> + standard search directories and only if they have set-user-ID mode
> + bit enabled. */
> if (memcmp (envline, "PRELOAD", 7) == 0)
> {
> state->preloadlist = &envline[8];
@@ -2563,6 +2563,10 @@ process_envvars (struct dl_main_state *state)
process_dl_debug (state, &envline[6]);
break;
}
+ /* For __libc_enable_secure mode, audit pathnames containing slashes
+ are ignored. Also, shared audit objects are only loaded only from
+ the standard search directories and only if they have set-user-ID
+ mode bit enabled. */
if (memcmp (envline, "AUDIT", 5) == 0)
audit_list_add_string (&state->audit_list, &envline[6]);
break;
@@ -2576,7 +2580,10 @@ process_envvars (struct dl_main_state *state)
break;
}
- /* List of objects to be preloaded. */
+ /* For __libc_enable_secure mode, preload pathnames containing slashes
+ are ignored. Also, shared objects are only preloaded from the
+ standard search directories and only if they have set-user-ID mode
+ bit enabled. */
if (memcmp (envline, "PRELOAD", 7) == 0)
{
state->preloadlist = &envline[8];