From e4aa966cf25e83cd0c72f34f7855a995ff93944d Mon Sep 17 00:00:00 2001
From: Carmelo Amoroso
Date: Tue, 25 Oct 2011 12:28:51 +0200
Subject: ldso: let people disable to lookup into LD_LIBRARY_PATH
On hardened system it could be useful to disable the use of LD_LIBRARY_PATH.
Signed-off-by: Carmelo Amoroso
---
 ldso/ldso/dl-elf.c | 3 ++-
 ldso/ldso/ldso.c | 8 ++++++++
 ldso/libdl/libdl.c | 4 +++-
 3 files changed, 13 insertions(+), 2 deletions(-)
(limited to 'ldso')
diff --git a/ldso/ldso/dl-elf.c b/ldso/ldso/dl-elf.c
index db2872cd0..308a66c63 100644
--- a/ldso/ldso/dl-elf.c
+++ b/ldso/ldso/dl-elf.c
@@ -236,6 +236,7 @@ struct elf_resolve *_dl_load_shared_library(int secure, struct dyn_elf **rpnt,
 }
 #endif
+#ifdef __LDSO_LD_LIBRARY_PATH__
 /* Check in LD_{ELF_}LIBRARY_PATH, if specified and allowed */
 if (_dl_library_path) {
 _dl_if_debug_dprint("\tsearching LD_LIBRARY_PATH='%s'\n", _dl_library_path);
@@ -244,7 +245,7 @@ struct elf_resolve *_dl_load_shared_library(int secure, struct dyn_elf **rpnt,
 return tpnt1;
 }
 }
-
+#endif
 /*
 * The ABI specifies that RUNPATH is searched after LD_LIBRARY_PATH.
 */
diff --git a/ldso/ldso/ldso.c b/ldso/ldso/ldso.c
index 14f2f7663..fe463b75d 100644
--- a/ldso/ldso/ldso.c
+++ b/ldso/ldso/ldso.c
@@ -46,7 +46,9 @@
 #include LDSO_ELFINTERP
 /* Global variables used within the shared library loader */
+#ifdef __LDSO_LD_LIBRARY_PATH__
 char *_dl_library_path = NULL; /* Where we look for libraries */
+#endif
 #ifdef __LDSO_PRELOAD_ENV_SUPPORT__
 char *_dl_preload = NULL; /* Things to be loaded before the libs */
 #endif
@@ -457,7 +459,9 @@ void *_dl_get_ready_to_run(struct elf_resolve *tpnt, DL_LOADADDR_TYPE load_addr,
 #ifdef __LDSO_PRELOAD_ENV_SUPPORT__
 _dl_preload = _dl_getenv("LD_PRELOAD", envp);
 #endif
+#ifdef __LDSO_LD_LIBRARY_PATH__
 _dl_library_path = _dl_getenv("LD_LIBRARY_PATH", envp);
+#endif
 } else {
 static const char unsecure_envvars[] =
 #ifdef EXTRA_UNSECURE_ENVVARS
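Review bot: The `#endif` added in the second dl-elf.c hunk (@@ -244) carries no label and takes the place of the blank line that used to separate the LD_LIBRARY_PATH search from the RUNPATH comment, so the end of the conditional region is easy to miss in a function that decides the library search order. I would write `#endif /* __LDSO_LD_LIBRARY_PATH__ */` and keep the blank line after it, and extend the comment in the first hunk (@@ -236) to `/* Check in LD_{ELF_}LIBRARY_PATH, if compiled in, specified and allowed */`. `_dl_load_shared_library` starts before and continues past both hunks, so the rest of the search order is not visible here.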
@@ -476,7 +480,9 @@ void *_dl_get_ready_to_run(struct elf_resolve *tpnt, DL_LOADADDR_TYPE load_addr,
 #ifdef __LDSO_PRELOAD_ENV_SUPPORT__
 _dl_preload = NULL;
 #endif
+#ifdef __LDSO_LD_LIBRARY_PATH__
 _dl_library_path = NULL;
+#endif
 /* SUID binaries can be exploited if they do LAZY relocation. */
 unlazy = RTLD_NOW;
 }
@@ -494,7 +500,9 @@ void *_dl_get_ready_to_run(struct elf_resolve *tpnt, DL_LOADADDR_TYPE load_addr,
 tpnt->libname = argv[0];
 while (argc > 1)
 if (! _dl_strcmp (argv[1], "--library-path") && argc > 2) {
+#ifdef __LDSO_LD_LIBRARY_PATH__
 _dl_library_path = argv[2];
+#endif
 _dl_skip_args += 2;
 argc -= 2;
 argv += 2;
diff --git a/ldso/libdl/libdl.c b/ldso/libdl/libdl.c
index 5b519e6d0..c164ffbee 100644
--- a/ldso/libdl/libdl.c
+++ b/ldso/libdl/libdl.c
@@ -100,7 +100,9 @@ int _dl_debug_file = 2;
 const char *_dl_progname = ""; /* Program name */
 void *(*_dl_malloc_function)(size_t);
 void (*_dl_free_function) (void *p);
+#ifdef __LDSO_LD_LIBRARY_PATH__
 char *_dl_library_path = NULL; /* Where we look for libraries */
+#endif
 int _dl_errno = 0; /* We can't use the real errno in ldso */
 size_t _dl_pagesize = PAGE_SIZE; /* Store the page size for use later */
 /* This global variable is also to communicate with debuggers such as gdb. */
@@ -368,7 +370,7 @@ void *dlopen(const char *libname, int flag)
 if (getenv("LD_BIND_NOW"))
 now_flag = RTLD_NOW;
-#ifndef SHARED
+#if !defined SHARED && defined __LDSO_LIBRARY_PATH__
 /* When statically linked, the _dl_library_path is not yet initialized */
 _dl_library_path = getenv("LD_LIBRARY_PATH");
 #endif
--
cgit v1.2.3
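Review bot: In the `--library-path` hunk of ldso.c (@@ -494) the option and its argument are still consumed when `__LDSO_LD_LIBRARY_PATH__` is undefined, but the path is dropped without any trace, so someone invoking the loader directly gets the default search order with no hint why. Ignoring the path is consistent with the hardening intent, but it should be stated in the code, e.g. `/* --library-path is still parsed but has no effect when LD_LIBRARY_PATH support is compiled out */` above the `#ifdef`. The same unlabelled `#ifdef`/`#endif` pair appears in the @@ -476 hunk, where `#endif /* __LDSO_LD_LIBRARY_PATH__ */` would help. The argument loop continues outside the hunk.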
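Review bot: The new condition in the `dlopen` hunk of libdl.c (@@ -368) tests `__LDSO_LIBRARY_PATH__`, while every other guard in this commit, including the `_dl_library_path` definition in the @@ -100 hunk of the same file, uses `__LDSO_LD_LIBRARY_PATH__`. Unless the shorter name is defined somewhere not shown here, the block is never compiled, so a statically linked `dlopen` stops reading LD_LIBRARY_PATH even when the option is enabled. If the shorter name were ever defined while the option is off, the assignment would reference a variable that is no longer defined. The line should read `#if !defined SHARED && defined __LDSO_LD_LIBRARY_PATH__`. `dlopen` continues outside the hunk.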