| Message ID | 20231017130526.2216827-18-adhemerval.zanella@linaro.org |
|---|---|
| State | Superseded |
| Headers | show |
| Series | Improve loader environment variable handling | expand |
On 2023-10-17 09:05, Adhemerval Zanella wrote: > To make explicit why __libc_enable_secure is not checked. > --- Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org> > elf/rtld.c | 9 ++++++++- > 1 file changed, 8 insertions(+), 1 deletion(-) > > diff --git a/elf/rtld.c b/elf/rtld.c > index 638b019670..d1017ba9e9 100644 > --- a/elf/rtld.c > +++ b/elf/rtld.c > @@ -2563,6 +2563,10 @@ process_envvars (struct dl_main_state *state) > process_dl_debug (state, &envline[6]); > break; > } > + /* For __libc_enable_secure mode, audit pathnames containing slashes > + are ignored. Also, shared audit objects are only loaded only from > + the standard search directories and only if they have set-user-ID > + mode bit enabled. */ > if (memcmp (envline, "AUDIT", 5) == 0) > audit_list_add_string (&state->audit_list, &envline[6]); > break; > @@ -2576,7 +2580,10 @@ process_envvars (struct dl_main_state *state) > break; > } > > - /* List of objects to be preloaded. */ > + /* For __libc_enable_secure mode, preload pathnames containing slashes > + are ignored. Also, shared objects are only preloaded from the > + standard search directories and only if they have set-user-ID mode > + bit enabled. */ > if (memcmp (envline, "PRELOAD", 7) == 0) > { > state->preloadlist = &envline[8];
diff --git a/elf/rtld.c b/elf/rtld.c index 638b019670..d1017ba9e9 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -2563,6 +2563,10 @@ process_envvars (struct dl_main_state *state) process_dl_debug (state, &envline[6]); break; } + /* For __libc_enable_secure mode, audit pathnames containing slashes + are ignored. Also, shared audit objects are only loaded only from + the standard search directories and only if they have set-user-ID + mode bit enabled. */ if (memcmp (envline, "AUDIT", 5) == 0) audit_list_add_string (&state->audit_list, &envline[6]); break; @@ -2576,7 +2580,10 @@ process_envvars (struct dl_main_state *state) break; } - /* List of objects to be preloaded. */ + /* For __libc_enable_secure mode, preload pathnames containing slashes + are ignored. Also, shared objects are only preloaded from the + standard search directories and only if they have set-user-ID mode + bit enabled. */ if (memcmp (envline, "PRELOAD", 7) == 0) { state->preloadlist = &envline[8];