[v3,16/19] elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static

Message ID 20231106202552.3404059-17-adhemerval.zanella@linaro.org
State Committed
Commit 5451fa962cd0a90a0e2ec1d8910a559ace02bba0
Delegated to: Siddhesh Poyarekar
Headers
Series Improve loader environment variable handling |

Checks

Context Check Description
redhat-pt-bot/TryBot-apply_patch success Patch applied to master at the time it was sent
linaro-tcwg-bot/tcwg_glibc_build--master-arm fail Patch failed to apply
linaro-tcwg-bot/tcwg_glibc_check--master-arm fail Patch failed to apply

Commit Message

Adhemerval Zanella Netto Nov. 6, 2023, 8:25 p.m. UTC
  It mimics the ld.so behavior.

Checked on x86_64-linux-gnu.
---
 elf/dl-support.c | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)
  

Comments

Siddhesh Poyarekar Nov. 20, 2023, 10:59 p.m. UTC | #1
On 2023-11-06 15:25, Adhemerval Zanella wrote:
> It mimics the ld.so behavior.
> 
> Checked on x86_64-linux-gnu.
> ---

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

>   elf/dl-support.c | 32 ++++++++++++++++----------------
>   1 file changed, 16 insertions(+), 16 deletions(-)
> 
> diff --git a/elf/dl-support.c b/elf/dl-support.c
> index 31a608df87..837fa1c836 100644
> --- a/elf/dl-support.c
> +++ b/elf/dl-support.c
> @@ -272,8 +272,6 @@ _dl_non_dynamic_init (void)
>     _dl_main_map.l_phdr = GL(dl_phdr);
>     _dl_main_map.l_phnum = GL(dl_phnum);
>   
> -  _dl_verbose = *(getenv ("LD_WARN") ?: "") == '\0' ? 0 : 1;
> -
>     /* Set up the data structures for the system-supplied DSO early,
>        so they can influence _dl_init_paths.  */
>     setup_vdso (NULL, NULL);
> @@ -281,6 +279,22 @@ _dl_non_dynamic_init (void)
>     /* With vDSO setup we can initialize the function pointers.  */
>     setup_vdso_pointers ();
>   
> +  if (__libc_enable_secure)
> +    {
> +      static const char unsecure_envvars[] =
> +	UNSECURE_ENVVARS
> +	;
> +      const char *cp = unsecure_envvars;
> +
> +      while (cp < unsecure_envvars + sizeof (unsecure_envvars))
> +	{
> +	  __unsetenv (cp);
> +	  cp = strchr (cp, '\0') + 1;
> +	}
> +    }
> +
> +  _dl_verbose = *(getenv ("LD_WARN") ?: "") == '\0' ? 0 : 1;
> +
>     /* Initialize the data structures for the search paths for shared
>        objects.  */
>     _dl_init_paths (getenv ("LD_LIBRARY_PATH"), "LD_LIBRARY_PATH",
> @@ -297,20 +311,6 @@ _dl_non_dynamic_init (void)
>   
>     _dl_dynamic_weak = *(getenv ("LD_DYNAMIC_WEAK") ?: "") == '\0';
>   
> -  if (__libc_enable_secure)
> -    {
> -      static const char unsecure_envvars[] =
> -	UNSECURE_ENVVARS
> -	;
> -      const char *cp = unsecure_envvars;
> -
> -      while (cp < unsecure_envvars + sizeof (unsecure_envvars))
> -	{
> -	  __unsetenv (cp);
> -	  cp = strchr (cp, '\0') + 1;
> -	}
> -    }
> -
>   #ifdef DL_PLATFORM_INIT
>     DL_PLATFORM_INIT;
>   #endif
  

Patch

diff --git a/elf/dl-support.c b/elf/dl-support.c
index 31a608df87..837fa1c836 100644
--- a/elf/dl-support.c
+++ b/elf/dl-support.c
@@ -272,8 +272,6 @@  _dl_non_dynamic_init (void)
   _dl_main_map.l_phdr = GL(dl_phdr);
   _dl_main_map.l_phnum = GL(dl_phnum);
 
-  _dl_verbose = *(getenv ("LD_WARN") ?: "") == '\0' ? 0 : 1;
-
   /* Set up the data structures for the system-supplied DSO early,
      so they can influence _dl_init_paths.  */
   setup_vdso (NULL, NULL);
@@ -281,6 +279,22 @@  _dl_non_dynamic_init (void)
   /* With vDSO setup we can initialize the function pointers.  */
   setup_vdso_pointers ();
 
+  if (__libc_enable_secure)
+    {
+      static const char unsecure_envvars[] =
+	UNSECURE_ENVVARS
+	;
+      const char *cp = unsecure_envvars;
+
+      while (cp < unsecure_envvars + sizeof (unsecure_envvars))
+	{
+	  __unsetenv (cp);
+	  cp = strchr (cp, '\0') + 1;
+	}
+    }
+
+  _dl_verbose = *(getenv ("LD_WARN") ?: "") == '\0' ? 0 : 1;
+
   /* Initialize the data structures for the search paths for shared
      objects.  */
   _dl_init_paths (getenv ("LD_LIBRARY_PATH"), "LD_LIBRARY_PATH",
@@ -297,20 +311,6 @@  _dl_non_dynamic_init (void)
 
   _dl_dynamic_weak = *(getenv ("LD_DYNAMIC_WEAK") ?: "") == '\0';
 
-  if (__libc_enable_secure)
-    {
-      static const char unsecure_envvars[] =
-	UNSECURE_ENVVARS
-	;
-      const char *cp = unsecure_envvars;
-
-      while (cp < unsecure_envvars + sizeof (unsecure_envvars))
-	{
-	  __unsetenv (cp);
-	  cp = strchr (cp, '\0') + 1;
-	}
-    }
-
 #ifdef DL_PLATFORM_INIT
   DL_PLATFORM_INIT;
 #endif