Update.

2004-12-01  Jakub Jelinek  <jakub@redhat.com>

	* elf/rtld.c (process_envvars): Don't consider LD_SHOW_AUXV
	and LD_DYNAMIC_WEAK if __libc_enable_secure.
	If __libc_enable_secure, /etc/suid-debug doesn't exist and
	program will be actually run, turn off all debugging.
	* sysdeps/generic/unsecvars.h (UNSECURE_ENVVARS): Add LD_DEBUG,
	LD_DYNAMIC_WEAK and LD_SHOW_AUXV.

diff --git a/ChangeLog b/ChangeLog
index 11ce063..42b9242 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2004-12-01  Jakub Jelinek  <jakub@redhat.com>
+
+       * elf/rtld.c (process_envvars): Don't consider LD_SHOW_AUXV
+       and LD_DYNAMIC_WEAK if __libc_enable_secure.
+       If __libc_enable_secure, /etc/suid-debug doesn't exist and
+       program will be actually run, turn off all debugging.
+       * sysdeps/generic/unsecvars.h (UNSECURE_ENVVARS): Add LD_DEBUG,
+       LD_DYNAMIC_WEAK and LD_SHOW_AUXV.
+
 2004-12-06  Jakub Jelinek  <jakub@redhat.com>
 
        * time/tzset.c (tzset_internal): If + or - is seen,

diff --git a/elf/rtld.c b/elf/rtld.c
index 601fc7d..13f7b4f 100644 (file)
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -2158,7 +2158,8 @@ process_envvars (enum mode *modep)
        case 9:
          /* Test whether we want to see the content of the auxiliary
             array passed up from the kernel.  */
-         if (memcmp (envline, "SHOW_AUXV", 9) == 0)
+         if (!INTUSE(__libc_enable_secure)
+             && memcmp (envline, "SHOW_AUXV", 9) == 0)
            _dl_show_auxv ();
          break;
 
@@ -2191,7 +2192,8 @@ process_envvars (enum mode *modep)
              break;
            }
 
-         if (memcmp (envline, "DYNAMIC_WEAK", 12) == 0)
+         if (!INTUSE(__libc_enable_secure)
+             && memcmp (envline, "DYNAMIC_WEAK", 12) == 0)
            GLRO(dl_dynamic_weak) = 1;
          break;
 
@@ -2265,7 +2267,11 @@ process_envvars (enum mode *modep)
       while (*nextp != '\0');
 
       if (__access ("/etc/suid-debug", F_OK) != 0)
-       unsetenv ("MALLOC_CHECK_");
+        {
+         unsetenv ("MALLOC_CHECK_");
+         if (mode == normal)
+           GLRO(dl_debug_mask) = 0;
+        }
     }
   /* If we have to run the dynamic linker in debugging mode and the
      LD_DEBUG_OUTPUT environment variable is given, we write the debug

diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h
index 8a9dd43..eb77b26 100644 (file)
--- a/sysdeps/generic/unsecvars.h
+++ b/sysdeps/generic/unsecvars.h
@@ -5,9 +5,12 @@
   "LD_PRELOAD\0"                                                             \
   "LD_LIBRARY_PATH\0"                                                        \
   "LD_ORIGIN_PATH\0"                                                         \
+  "LD_DEBUG\0"                                                               \
   "LD_DEBUG_OUTPUT\0"                                                        \
   "LD_PROFILE\0"                                                             \
   "LD_USE_LOAD_BIAS\0"                                                       \
+  "LD_DYNAMIC_WEAK\0"                                                        \
+  "LD_SHOW_AUXV\0"                                                           \
   "GCONV_PATH\0"                                                             \
   "GETCONF_DIR\0"                                                            \
   "HOSTALIASES\0"                                                            \