lib/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2025-07-30 22:43:12 +03:00
Code Activity

elf: remove redundant __libc_enable_secure check from fillin_rpath

Browse Source 
There are just two users of fillin_rpath: one is decompose_rpath that
sets check_trusted argument to 0, another one is _dl_init_paths that
sets check_trusted argument to __libc_enable_secure and invokes
fillin_rpath only when LD_LIBRARY_PATH is non-empty.

Starting with commit
glibc-2.25.90-512-gf6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d,
LD_LIBRARY_PATH is ignored for __libc_enable_secure executables,
so check_trusted argument of fillin_rpath is always zero.

* elf/dl-load.c (is_trusted_path): Remove.
(fillin_rpath): Remove check_trusted argument and its use,
all callers changed.
This commit is contained in:
Dmitry V. Levin
2017-12-18 21:46:07 +00:00
parent ce16eb52c0
commit 10e93d9687
2 changed files with 9 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -1,3 +1,9 @@
2017-12-19 Dmitry V. Levin <ldv@altlinux.org>
* elf/dl-load.c (is_trusted_path): Remove.
(fillin_rpath): Remove check_trusted argument and its use,
all callers changed.
2017-12-19 H.J. Lu <hongjiu.lu@intel.com> 2017-12-19 H.J. Lu <hongjiu.lu@intel.com>
[BZ #22630] [BZ #22630]

33
elf/dl-load.c
View File

@ -116,24 +116,6 @@ static const size_t system_dirs_len[] =
}; };
#define nsystem_dirs_len array_length (system_dirs_len) #define nsystem_dirs_len array_length (system_dirs_len)
static bool
is_trusted_path (const char *path, size_t len)
{
const char *trun = system_dirs;
for (size_t idx = 0; idx < nsystem_dirs_len; ++idx)
{
if (len == system_dirs_len[idx] && memcmp (trun, path, len) == 0)
/* Found it. */
return true;
trun += system_dirs_len[idx] + 1;
}
return false;
}
static bool static bool
is_trusted_path_normalize (const char *path, size_t len) is_trusted_path_normalize (const char *path, size_t len)
{ {
@ -428,8 +410,7 @@ static size_t max_dirnamelen;
static struct r_search_path_elem ** static struct r_search_path_elem **
fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep, fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep,
int check_trusted, const char *what, const char *where, const char *what, const char *where, struct link_map *l)
struct link_map *l)
{ {
char *cp; char *cp;
size_t nelems = 0; size_t nelems = 0;
@ -459,13 +440,6 @@ fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep,
if (len > 0 && cp[len - 1] != '/') if (len > 0 && cp[len - 1] != '/')
cp[len++] = '/'; cp[len++] = '/';
/* Make sure we don't use untrusted directories if we run SUID. */
if (__glibc_unlikely (check_trusted) && !is_trusted_path (cp, len))
{
free (to_free);
continue;
}
/* See if this directory is already known. */ /* See if this directory is already known. */
for (dirp = GL(dl_all_dirs); dirp != NULL; dirp = dirp->next) for (dirp = GL(dl_all_dirs); dirp != NULL; dirp = dirp->next)
if (dirp->dirnamelen == len && memcmp (cp, dirp->dirname, len) == 0) if (dirp->dirnamelen == len && memcmp (cp, dirp->dirname, len) == 0)
@ -614,7 +588,7 @@ decompose_rpath (struct r_search_path_struct *sps,
_dl_signal_error (ENOMEM, NULL, NULL, errstring); _dl_signal_error (ENOMEM, NULL, NULL, errstring);
} }
fillin_rpath (copy, result, ":", 0, what, where, l); fillin_rpath (copy, result, ":", what, where, l);
/* Free the copied RPATH string. `fillin_rpath' make own copies if /* Free the copied RPATH string. `fillin_rpath' make own copies if
necessary. */ necessary. */
@ -791,8 +765,7 @@ _dl_init_paths (const char *llp)
} }
(void) fillin_rpath (llp_tmp, env_path_list.dirs, ":;", (void) fillin_rpath (llp_tmp, env_path_list.dirs, ":;",
__libc_enable_secure, "LD_LIBRARY_PATH", "LD_LIBRARY_PATH", NULL, l);
NULL, l);
if (env_path_list.dirs[0] == NULL) if (env_path_list.dirs[0] == NULL)
{ {