* elf/ldd.bash.in: When set -o pipefail is available, use that for

	piping to cat; when not, don't use the pipe at all.
	Pipe to cat in all cases of running the executable.
	When direct running exits with code 5, retry running via ${RTLD}.
	* elf/rtld.c (process_envvars): If __libc_enable_secure and
	mode != normal, exit with exitcode 5.

diff --git a/ChangeLog b/ChangeLog
index ea55466..c96326d 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2004-12-08  Jakub Jelinek  <jakub@redhat.com>
+
+       * elf/ldd.bash.in: When set -o pipefail is available, use that for
+       piping to cat; when not, don't use the pipe at all.
+       Pipe to cat in all cases of running the executable.
+       When direct running exits with code 5, retry running via ${RTLD}.
+       * elf/rtld.c (process_envvars): If __libc_enable_secure and
+       mode != normal, exit with exitcode 5.
+
 2004-12-07  Jakub Jelinek  <jakub@redhat.com>
 
        * sysdeps/posix/sysconf.c (__sysconf_check_spec): Only define

diff --git a/elf/ldd.bash.in b/elf/ldd.bash.in
index f400924..4d7c33c 100644 (file)
--- a/elf/ldd.bash.in
+++ b/elf/ldd.bash.in
@@ -105,6 +105,21 @@ add_env="$add_env LD_VERBOSE=$verbose"
 if test "$unused" = yes; then
   add_env="$add_env LD_DEBUG=\"$LD_DEBUG${LD_DEBUG:+,}unused\""
 fi
+
+# The following use of cat is needed to make ldd work in SELinux
+# environments where the executed program might not have permissions
+# to write to the console/tty.  But only bash 3.x supports the pipefail
+# option, and we don't bother to handle the case for older bash versions.
+if set -o pipefail 2> /dev/null; then
+  try_trace() {
+    eval $add_env '"$@"' | cat
+  }
+else
+  try_trace() {
+    eval $add_env '"$@"'
+  }
+fi
+
 case $# in
 0)
   echo >&2 'ldd:' $"missing file arguments"
@@ -153,7 +168,16 @@ warning: you do not have execution permission for" "\`$file'" >&2
     fi
     case $ret in
     0)
-      eval $add_env '"$file"' || result=1
+      # If the program exits with exit code 5, it means the process has been
+      # invoked with __libc_enable_secure.  Fall back to running it through
+      # the dynamic linker.
+      try_trace "$file"
+      rc=$?
+      if [ $rc = 5 ]; then
+       try_trace "$RTLD" "$file"
+       rc=$?
+      fi
+      [ $rc = 0 ] || result=1
       ;;
     1)
       # This can be a non-ELF binary or no binary at all.
@@ -163,10 +187,7 @@ warning: you do not have execution permission for" "\`$file'" >&2
       }
       ;;
     2)
-      # The following use of cat is needed to make ldd work in SELinux
-      # environments where the executed program might not have permissions
-      # to write to the console/tty.
-      eval $add_env \${RTLD} '"$file"' | cat || result=1
+      try_trace "$RTLD" "$file" || result=1
       ;;
     *)
       echo 'ldd:' ${RTLD} $"exited with unknown exit code" "($ret)" >&2

diff --git a/elf/rtld.c b/elf/rtld.c
index 13f7b4f..cd40f80 100644 (file)
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -2269,9 +2269,11 @@ process_envvars (enum mode *modep)
       if (__access ("/etc/suid-debug", F_OK) != 0)
         {
          unsetenv ("MALLOC_CHECK_");
-         if (mode == normal)
-           GLRO(dl_debug_mask) = 0;
+         GLRO(dl_debug_mask) = 0;
         }
+
+      if (mode != normal)
+       _exit (5);
     }
   /* If we have to run the dynamic linker in debugging mode and the
      LD_DEBUG_OUTPUT environment variable is given, we write the debug