elf: Ignore LD_BIND_NOW and LD_BIND_NOT for setuid binaries

author Adhemerval Zanella <adhemerval.zanella@linaro.org>

Wed, 22 Nov 2023 20:43:24 +0000 (17:43 -0300)

committer Adhemerval Zanella <adhemerval.zanella@linaro.org>

Tue, 5 Dec 2023 16:21:36 +0000 (13:21 -0300)
author Adhemerval Zanella <adhemerval.zanella@linaro.org>
Wed, 22 Nov 2023 20:43:24 +0000 (17:43 -0300)
committer Adhemerval Zanella <adhemerval.zanella@linaro.org>
Tue, 5 Dec 2023 16:21:36 +0000 (13:21 -0300)
diff --git a/elf/rtld.c b/elf/rtld.c

index 55cdb4836e7536a2fe40a9779c6e90c04aa00be8..d9a6c33b313b98c436f7b36abaf0b711d5ab5d3d 100644 (file)
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -2604,12 +2604,14 @@ process_envvars (struct dl_main_state *state)
  
         case 8:
           /* Do we bind early?  */
-         if (memcmp (envline, "BIND_NOW", 8) == 0)
+         if (!__libc_enable_secure
+             && memcmp (envline, "BIND_NOW", 8) == 0)
             {
               GLRO(dl_lazy) = envline[9] == '\0';
               break;
             }
-         if (memcmp (envline, "BIND_NOT", 8) == 0)
+         if (! __libc_enable_secure
+             && memcmp (envline, "BIND_NOT", 8) == 0)
             GLRO(dl_bind_not) = envline[9] != '\0';
           break;
  
@@ -2686,6 +2688,8 @@ process_envvars (struct dl_main_state *state)
  
        if (GLRO(dl_debug_mask) != 0
           || GLRO(dl_verbose) != 0
+         || GLRO(dl_lazy) != 1
+         || GLRO(dl_bind_not) != 0
           || state->mode != rtld_mode_normal
           || state->version_info)
         _exit (5);
diff --git a/elf/tst-env-setuid.c b/elf/tst-env-setuid.c

index b1d64ac08517a73205f8dda168e1c41cb0aed955..9fa591a13640c5ebff19a01c794fa5ad71111b40 100644 (file)
--- a/elf/tst-env-setuid.c
+++ b/elf/tst-env-setuid.c
@@ -63,12 +63,12 @@ static const struct envvar_t filtered_envvars[] =
    { "LD_DEBUG_OUTPUT",         "/tmp/some-file" },
    { "LD_WARN",                 FILTERED_VALUE },
    { "LD_VERBOSE",              FILTERED_VALUE },
+  { "LD_BIND_NOW",             "0" },
+  { "LD_BIND_NOT",             "1" },
  };
  
  static const struct envvar_t unfiltered_envvars[] =
  {
-  { "LD_BIND_NOW",             "0" },
-  { "LD_BIND_NOT",             "1" },
    /* Non longer supported option.  */
    { "LD_ASSUME_KERNEL",        UNFILTERED_VALUE },
  };
diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h

index 8975df4a14570f5c2c119e9a0608c480c2288a67..f1724efe0f1fea7bb155b6025a16fea2f662252e 100644 (file)
--- a/sysdeps/generic/unsecvars.h
+++ b/sysdeps/generic/unsecvars.h
@@ -7,6 +7,8 @@
    "GLIBC_TUNABLES\0"                                                         \
    "HOSTALIASES\0"                                                            \
    "LD_AUDIT\0"                                                               \
+  "LD_BIND_NOT\0"                                                            \
+  "LD_BIND_NOW\0"                                                            \
    "LD_DEBUG\0"                                                               \
    "LD_DEBUG_OUTPUT\0"                                                        \
    "LD_DYNAMIC_WEAK\0"                                                        \
author	Adhemerval Zanella <adhemerval.zanella@linaro.org>
	Wed, 22 Nov 2023 20:43:24 +0000 (17:43 -0300)
committer	Adhemerval Zanella <adhemerval.zanella@linaro.org>
	Tue, 5 Dec 2023 16:21:36 +0000 (13:21 -0300)
elf/rtld.c		patch \| blob \| history
elf/tst-env-setuid.c		patch \| blob \| history
sysdeps/generic/unsecvars.h		patch \| blob \| history