Loader already ignores LD_DEBUG, LD_DEBUG_OUTPUT, and
LD_TRACE_LOADED_OBJECTS. Both LD_WARN and LD_VERBOSE are similar to
LD_DEBUG, in the sense they enable additional checks and debug
information, so it makes sense to disable them.
Also add both LD_VERBOSE and LD_WARN on filtered environment variables
for setuid binaries.
Checked on x86_64-linux-gnu.
---
elf/rtld.c | 22 ++++++++++++++--------
elf/tst-env-setuid.c | 4 ++++
sysdeps/generic/unsecvars.h | 2 ++
3 files changed, 20 insertions(+), 8 deletions(-)
@@ -2550,13 +2550,15 @@ process_envvars (struct dl_main_state *state)
{
case 4:
/* Warning level, verbose or not. */
- if (memcmp (envline, "WARN", 4) == 0)
+ if (!__libc_enable_secure
+ && memcmp (envline, "WARN", 4) == 0)
GLRO(dl_verbose) = envline[5] != '\0';
break;
case 5:
/* Debugging of the dynamic linker? */
- if (memcmp (envline, "DEBUG", 5) == 0)
+ if (!__libc_enable_secure
+ && memcmp (envline, "DEBUG", 5) == 0)
{
process_dl_debug (state, &envline[6]);
break;
@@ -2571,7 +2573,8 @@ process_envvars (struct dl_main_state *state)
case 7:
/* Print information about versions. */
- if (memcmp (envline, "VERBOSE", 7) == 0)
+ if (!__libc_enable_secure
+ && memcmp (envline, "VERBOSE", 7) == 0)
{
state->version_info = envline[8] != '\0';
break;
@@ -2630,7 +2633,8 @@ process_envvars (struct dl_main_state *state)
}
/* Where to place the profiling data file. */
- if (memcmp (envline, "DEBUG_OUTPUT", 12) == 0)
+ if (!__libc_enable_secure
+ && memcmp (envline, "DEBUG_OUTPUT", 12) == 0)
{
debug_output = &envline[13];
break;
@@ -2651,7 +2655,8 @@ process_envvars (struct dl_main_state *state)
case 20:
/* The mode of the dynamic linker can be set. */
- if (memcmp (envline, "TRACE_LOADED_OBJECTS", 20) == 0)
+ if (!__libc_enable_secure
+ && memcmp (envline, "TRACE_LOADED_OBJECTS", 20) == 0)
{
state->mode = rtld_mode_trace;
state->mode_trace_program
@@ -2673,9 +2678,10 @@ process_envvars (struct dl_main_state *state)
}
while (*nextp != '\0');
- GLRO(dl_debug_mask) = 0;
-
- if (state->mode != rtld_mode_normal)
+ if (GLRO(dl_debug_mask) != 0
+ || GLRO(dl_verbose) != 0
+ || state->mode != rtld_mode_normal
+ || state->version_info)
_exit (5);
}
/* If we have to run the dynamic linker in debugging mode and the
@@ -59,6 +59,10 @@ static const struct envvar_t filtered_envvars[] =
{ "MALLOC_TRACE", FILTERED_VALUE },
{ "MALLOC_TRIM_THRESHOLD_", FILTERED_VALUE },
{ "RES_OPTIONS", FILTERED_VALUE },
+ { "LD_DEBUG", "all" },
+ { "LD_DEBUG_OUTPUT", "/tmp/some-file" },
+ { "LD_WARN", FILTERED_VALUE },
+ { "LD_VERBOSE", FILTERED_VALUE },
};
static const struct envvar_t unfiltered_envvars[] =
@@ -16,6 +16,8 @@
"LD_PRELOAD\0" \
"LD_PROFILE\0" \
"LD_SHOW_AUXV\0" \
+ "LD_VERBOSE\0" \
+ "LD_WARN\0" \
"LOCALDOMAIN\0" \
"LOCPATH\0" \
"MALLOC_ARENA_MAX\0" \