From e4aa966cf25e83cd0c72f34f7855a995ff93944d Mon Sep 17 00:00:00 2001 From: Carmelo Amoroso Date: Tue, 25 Oct 2011 12:28:51 +0200 Subject: ldso: let people disable to lookup into LD_LIBRARY_PATH On hardened system it could be useful to disable the use of LD_LIBRARY_PATH. Signed-off-by: Carmelo Amoroso --- ldso/ldso/ldso.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'ldso/ldso/ldso.c') diff --git a/ldso/ldso/ldso.c b/ldso/ldso/ldso.c index 14f2f7663..fe463b75d 100644 --- a/ldso/ldso/ldso.c +++ b/ldso/ldso/ldso.c @@ -46,7 +46,9 @@ #include LDSO_ELFINTERP /* Global variables used within the shared library loader */ +#ifdef __LDSO_LD_LIBRARY_PATH__ char *_dl_library_path = NULL; /* Where we look for libraries */ +#endif #ifdef __LDSO_PRELOAD_ENV_SUPPORT__ char *_dl_preload = NULL; /* Things to be loaded before the libs */ #endif @@ -457,7 +459,9 @@ void *_dl_get_ready_to_run(struct elf_resolve *tpnt, DL_LOADADDR_TYPE load_addr, #ifdef __LDSO_PRELOAD_ENV_SUPPORT__ _dl_preload = _dl_getenv("LD_PRELOAD", envp); #endif +#ifdef __LDSO_LD_LIBRARY_PATH__ _dl_library_path = _dl_getenv("LD_LIBRARY_PATH", envp); +#endif } else { static const char unsecure_envvars[] = #ifdef EXTRA_UNSECURE_ENVVARS @@ -476,7 +480,9 @@ void *_dl_get_ready_to_run(struct elf_resolve *tpnt, DL_LOADADDR_TYPE load_addr, #ifdef __LDSO_PRELOAD_ENV_SUPPORT__ _dl_preload = NULL; #endif +#ifdef __LDSO_LD_LIBRARY_PATH__ _dl_library_path = NULL; +#endif /* SUID binaries can be exploited if they do LAZY relocation. */ unlazy = RTLD_NOW; } @@ -494,7 +500,9 @@ void *_dl_get_ready_to_run(struct elf_resolve *tpnt, DL_LOADADDR_TYPE load_addr, tpnt->libname = argv[0]; while (argc > 1) if (! _dl_strcmp (argv[1], "--library-path") && argc > 2) { +#ifdef __LDSO_LD_LIBRARY_PATH__ _dl_library_path = argv[2]; +#endif _dl_skip_args += 2; argc -= 2; argv += 2; -- cgit v1.2.3
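Review bot: With the definition of `_dl_library_path` now under `#ifdef __LDSO_LD_LIBRARY_PATH__` (hunk at -46), every other reference to the variable has to sit under the same guard, or a build with the option switched off will fail to compile or link. This view is limited to ldso/ldso/ldso.c, so the `extern` declaration and the library search code that reads the variable are not visible here and should be checked in the full commit. The three assignments in `_dl_get_ready_to_run` (hunks at -457, -476 and -494) are guarded consistently. I would also add a short comment at the guard, for example `/* Compiled out when LD_LIBRARY_PATH support is disabled (hardened builds) */`, so the reason for the conditional is recorded next to the definition.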
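Review bot: In the `--library-path` branch (hunk at -494) the option and its argument are still consumed (`_dl_skip_args += 2`), but the path is dropped without any message when `__LDSO_LD_LIBRARY_PATH__` is not defined. Someone running the loader directly then gets the default search order with no hint as to why. Discarding the path is consistent with the hardening goal, but it should be stated, either with a comment such as `/* path is parsed and discarded when LD_LIBRARY_PATH support is compiled out */` before the `#ifdef`, or with an `#else` that prints a one-line notice to stderr. The `while (argc > 1)` loop starts before and continues past this hunk, so the rest of the option handling is not visible here.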