summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCarmelo AMOROSO <carmelo.amoroso@st.com>2010-04-14 07:24:46 +0200
committerBernhard Reutner-Fischer <rep.dot.nop@gmail.com>2010-04-14 15:34:22 +0200
commit4f729fd9aadcd6727f7c44ff0fce279031de6b85 (patch)
treeb72265f50f3eefea5864f4f008bf3aec6ca4e2f4
parentd61066fcfe7f00843c4660182ea38ba3a5e41803 (diff)
ldso: Add config option for controlling LD_PRELOAD
On hardened system it could be useful to disable the use of LD_PRELOAD environment variable for preloading shared objects before the system libraries. So this patch add a config option, LDSO_PRELOAD_ENV_SUPPORT, to control this behaviour. It is enabled by default. Signed-off-by: Carmelo Amoroso <carmelo.amoroso@st.com> Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
-rw-r--r--extra/Configs/Config.in12
-rw-r--r--ldso/ldso/ldso.c8
2 files changed, 20 insertions, 0 deletions
diff --git a/extra/Configs/Config.in b/extra/Configs/Config.in
index 4ce4bb09b..0d2822f7a 100644
--- a/extra/Configs/Config.in
+++ b/extra/Configs/Config.in
@@ -300,6 +300,18 @@ config LDSO_CACHE_SUPPORT
After updating this file, it is necessary to run 'ldconfig' to update
the /etc/ld.so.cache shared library loader cache file.
+config LDSO_PRELOAD_ENV_SUPPORT
+ bool "Enable library loader LD_PRELOAD environment"
+ depends on HAVE_SHARED
+ default y
+ help
+ Enable this to make use of LD_PRELOAD environment variable.
+ A whitespace-separated list of additional, user-specified, ELF shared
+ libraries to be loaded before all others. This can be used to
+ selectively override functions in other shared libraries. For
+ set-user-ID/set-group-ID ELF binaries, only libraries in the standard
+ search directories that are also set-user-ID will be loaded.
+
config LDSO_PRELOAD_FILE_SUPPORT
bool "Enable library loader preload file (ld.so.preload)"
depends on HAVE_SHARED
diff --git a/ldso/ldso/ldso.c b/ldso/ldso/ldso.c
index 0fbc8f135..a8224e2c7 100644
--- a/ldso/ldso/ldso.c
+++ b/ldso/ldso/ldso.c
@@ -47,7 +47,9 @@
/* Global variables used within the shared library loader */
char *_dl_library_path = NULL; /* Where we look for libraries */
+#ifdef __LDSO_PRELOAD_ENV_SUPPORT__
char *_dl_preload = NULL; /* Things to be loaded before the libs */
+#endif
char *_dl_ldsopath = NULL; /* Location of the shared lib loader */
int _dl_errno = 0; /* We can't use the real errno in ldso */
size_t _dl_pagesize = 0; /* Store the page size for use later */
@@ -348,7 +350,9 @@ void _dl_get_ready_to_run(struct elf_resolve *tpnt, DL_LOADADDR_TYPE load_addr,
auxvt[AT_UID].a_un.a_val == auxvt[AT_EUID].a_un.a_val &&
auxvt[AT_GID].a_un.a_val == auxvt[AT_EGID].a_un.a_val)) {
_dl_secure = 0;
+#ifdef __LDSO_PRELOAD_ENV_SUPPORT__
_dl_preload = _dl_getenv("LD_PRELOAD", envp);
+#endif
_dl_library_path = _dl_getenv("LD_LIBRARY_PATH", envp);
} else {
static const char unsecure_envvars[] =
@@ -365,7 +369,9 @@ void _dl_get_ready_to_run(struct elf_resolve *tpnt, DL_LOADADDR_TYPE load_addr,
/* We could use rawmemchr but this need not be fast. */
nextp = _dl_strchr(nextp, '\0') + 1;
} while (*nextp != '\0');
+#ifdef __LDSO_PRELOAD_ENV_SUPPORT__
_dl_preload = NULL;
+#endif
_dl_library_path = NULL;
/* SUID binaries can be exploited if they do LAZY relocation. */
unlazy = RTLD_NOW;
@@ -625,6 +631,7 @@ void _dl_get_ready_to_run(struct elf_resolve *tpnt, DL_LOADADDR_TYPE load_addr,
_dl_map_cache();
+#ifdef __LDSO_PRELOAD_ENV_SUPPORT__
if (_dl_preload) {
char c, *str, *str2;
@@ -680,6 +687,7 @@ void _dl_get_ready_to_run(struct elf_resolve *tpnt, DL_LOADADDR_TYPE load_addr,
str++;
}
}
+#endif /* __LDSO_PRELOAD_ENV_SUPPORT__ */
#ifdef __LDSO_PRELOAD_FILE_SUPPORT__
do {