author | Carmelo AMOROSO <carmelo.amoroso@st.com> | 2010-04-14 07:24:46 +0200 |
---|---|---|
committer | Bernhard Reutner-Fischer <rep.dot.nop@gmail.com> | 2010-04-14 15:34:22 +0200 |
commit | 4f729fd9aadcd6727f7c44ff0fce279031de6b85 (patch) | |
tree | b72265f50f3eefea5864f4f008bf3aec6ca4e2f4 | |
parent | d61066fcfe7f00843c4660182ea38ba3a5e41803 (diff) |
ldso: Add config option for controlling LD_PRELOAD
On a hardened system it can be useful to disable the use
of the LD_PRELOAD environment variable for preloading shared objects
before the system libraries. This patch adds a config option,
LDSO_PRELOAD_ENV_SUPPORT, to control this behaviour.
It is enabled by default.
Signed-off-by: Carmelo Amoroso <carmelo.amoroso@st.com>
Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
-rw-r--r-- | extra/Configs/Config.in | 12 | ||||
-rw-r--r-- | ldso/ldso/ldso.c | 8 |
2 files changed, 20 insertions, 0 deletions
diff --git a/extra/Configs/Config.in b/extra/Configs/Config.in index 4ce4bb09b..0d2822f7a 100644 --- a/extra/Configs/Config.in +++ b/extra/Configs/Config.in @@ -300,6 +300,18 @@ config LDSO_CACHE_SUPPORT After updating this file, it is necessary to run 'ldconfig' to update the /etc/ld.so.cache shared library loader cache file. +config LDSO_PRELOAD_ENV_SUPPORT + bool "Enable library loader LD_PRELOAD environment" + depends on HAVE_SHARED + default y + help + Enable this to make use of LD_PRELOAD environment variable. + A whitespace-separated list of additional, user-specified, ELF shared + libraries to be loaded before all others. This can be used to + selectively override functions in other shared libraries. For + set-user-ID/set-group-ID ELF binaries, only libraries in the standard + search directories that are also set-user-ID will be loaded. + config LDSO_PRELOAD_FILE_SUPPORT bool "Enable library loader preload file (ld.so.preload)" depends on HAVE_SHARED diff --git a/ldso/ldso/ldso.c b/ldso/ldso/ldso.c index 0fbc8f135..a8224e2c7 100644 --- a/ldso/ldso/ldso.c +++ b/ldso/ldso/ldso.c @@ -47,7 +47,9 @@ /* Global variables used within the shared library loader */ char *_dl_library_path = NULL; /* Where we look for libraries */ +#ifdef __LDSO_PRELOAD_ENV_SUPPORT__ char *_dl_preload = NULL; /* Things to be loaded before the libs */ +#endif char *_dl_ldsopath = NULL; /* Location of the shared lib loader */ int _dl_errno = 0; /* We can't use the real errno in ldso */ size_t _dl_pagesize = 0; /* Store the page size for use later */ @@ -348,7 +350,9 @@ void _dl_get_ready_to_run(struct elf_resolve *tpnt, DL_LOADADDR_TYPE load_addr, auxvt[AT_UID].a_un.a_val == auxvt[AT_EUID].a_un.a_val && auxvt[AT_GID].a_un.a_val == auxvt[AT_EGID].a_un.a_val)) { _dl_secure = 0; +#ifdef __LDSO_PRELOAD_ENV_SUPPORT__ _dl_preload = _dl_getenv("LD_PRELOAD", envp); +#endif _dl_library_path = _dl_getenv("LD_LIBRARY_PATH", envp); } else { static const char unsecure_envvars[] = 
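Review bot: The last sentence of the help text for LDSO_PRELOAD_ENV_SUPPORT does not match what the ldso.c hunks of this commit show. In the branch taken when the real and effective IDs differ, `_dl_preload` is set to NULL, so LD_PRELOAD appears to be ignored outright for set-user-ID/set-group-ID binaries rather than filtered to set-user-ID libraries in the standard directories. I would replace that sentence with `For set-user-ID/set-group-ID binaries LD_PRELOAD is ignored.` and open the second sentence with a subject, `LD_PRELOAD holds a whitespace-separated list of ...`. Since the option is aimed at hardening, the help should also say that turning it off leaves LD_LIBRARY_PATH and ld.so.preload (LDSO_PRELOAD_FILE_SUPPORT) untouched; both are still handled separately in the visible ldso.c context.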
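Review bot: Compiling out the file-scope definition of `_dl_preload` makes every other reference to that symbol depend on the same macro, and this diff only guards the uses inside ldso.c. If a declaration or use exists outside this file (not visible here), a build with LDSO_PRELOAD_ENV_SUPPORT disabled would either fail at link time or leave a stale `extern` behind. I would note in the commit message that the tree was built with the option off, and wrap any remaining declaration in the same `#ifdef __LDSO_PRELOAD_ENV_SUPPORT__`.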
@@ -365,7 +369,9 @@ void _dl_get_ready_to_run(struct elf_resolve *tpnt, DL_LOADADDR_TYPE load_addr, /* We could use rawmemchr but this need not be fast. */ nextp = _dl_strchr(nextp, '\0') + 1; } while (*nextp != '\0'); +#ifdef __LDSO_PRELOAD_ENV_SUPPORT__ _dl_preload = NULL; +#endif _dl_library_path = NULL; /* SUID binaries can be exploited if they do LAZY relocation. */ unlazy = RTLD_NOW; @@ -625,6 +631,7 @@ void _dl_get_ready_to_run(struct elf_resolve *tpnt, DL_LOADADDR_TYPE load_addr, _dl_map_cache(); +#ifdef __LDSO_PRELOAD_ENV_SUPPORT__ if (_dl_preload) { char c, *str, *str2; @@ -680,6 +687,7 @@ void _dl_get_ready_to_run(struct elf_resolve *tpnt, DL_LOADADDR_TYPE load_addr, str++; } } +#endif /* __LDSO_PRELOAD_ENV_SUPPORT__ */ #ifdef __LDSO_PRELOAD_FILE_SUPPORT__ do { |
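Review bot: In the set-ID branch only the `_dl_preload = NULL;` assignment goes under the guard, and the contents of `unsecure_envvars` lie outside the hunk, so it is not visible whether LD_PRELOAD is still removed from the environment when the option is off. It should be, because the variable would otherwise be inherited by child processes that may run under a loader that does honour it. If the list keeps it unconditionally, a comment next to the guard such as `/* unsecure_envvars is still cleared when LD_PRELOAD support is compiled out */` would record that intent. `_dl_get_ready_to_run` begins and ends outside this hunk.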