From patchwork Tue Oct 17 13:05:24 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 734392 Delivered-To: patch@linaro.org Received: by 2002:adf:f0cd:0:b0:32d:baff:b0ca with SMTP id x13csp469577wro; Tue, 17 Oct 2023 06:08:19 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHGdLkzf2sngBJl3wSr4C/Nmqvp8+92IAzB56FNDPzT7JiX8uW3sn9VU6SgjJOKSMtQHhX5 X-Received: by 2002:a05:6122:2094:b0:49d:7cf7:f8d1 with SMTP id i20-20020a056122209400b0049d7cf7f8d1mr2627713vkd.4.1697548099649; Tue, 17 Oct 2023 06:08:19 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1697548099; cv=pass; d=google.com; s=arc-20160816; b=rtE8dZm7l6X2kd3PoGPPCkWkUoe/eVIoI4G+CKYbucYCSACd4PcHQ5sgGH2XO+TfNQ p6ga71HZodG4nS5Et5LxLtgP6ZF9FCedLRgfKjCic5UNZN1jENWvVP2s5F28tbdbHz+q Hh5fMDVvjWFH4/YMEXd5Pt0cMy5C7FePKFLwEX6wvKfHK8z+QCQP0vGkZc2u7hKB++1u hSLYXV2BQjLd/+1c5Tfu8Gu8ZjUoR8dlzvrfO6pTkETLbd5rHPaRPqHrJ5fCCOMhoD0p AU9VOeFlqPN+nGZ7eJRYCh1f2rwKPJu7yKSVQ5KPlGNFfgR85LI8e/EWEzSX6JYA64q8 Betw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:to:from :dkim-signature:arc-filter:dmarc-filter:delivered-to; bh=Pph0HzXGubFkM72YNoRwe9rSD1jpPmNhGJehSpDJ8NU=; fh=+FUb54tScwW7D3lvWhZcQBi30wyNNn2DusdH7ahfqKk=; b=edtiOn19xwzsGTzII7aWwXEUeka7bmpa0DdjLjSB9d/DgBpI1AZ6bmRRKbK4xzMCkJ SDlTWw2rutEccBQ5+at18SyBS5bZOtxNb/2MSlDeV/BwwEYISOae92VWZnj3pNCQmYgu xN9Jy0WQ7dJGNLuxBhQ3NMUCIAGHCSC2oiCdeefEYvUAWSNqvAgDKZSvBaU6DRxAn0VF oz4pfRfOJa5jDNND5Jco2R4sIbDVkPzaki2YG5eRb1hGMqnBMVE3bhQphdy3YF3OcoxR Rk1Epf/8zi3m6WHlZiVP6Vl4WiR5Jxu4m4VqJsI7kOLqH8+R4yk/thJNloZrpVxqap7k Hjtw== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=C68cT9Vs; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces+patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces+patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (ip-8-43-85-97.sourceware.org. [8.43.85.97]) by mx.google.com with ESMTPS id h124-20020a1f9e82000000b0049d4163942esi135203vke.189.2023.10.17.06.08.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 17 Oct 2023 06:08:19 -0700 (PDT) Received-SPF: pass (google.com: domain of libc-alpha-bounces+patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) client-ip=8.43.85.97; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=C68cT9Vs; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces+patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces+patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 57E19383DB59 for ; Tue, 17 Oct 2023 13:07:59 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pf1-x42d.google.com (mail-pf1-x42d.google.com [IPv6:2607:f8b0:4864:20::42d]) by sourceware.org (Postfix) with ESMTPS id AE680385E02D for ; Tue, 17 Oct 2023 13:06:51 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org AE680385E02D Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org AE680385E02D Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::42d ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1697548012; cv=none; b=dJpuNnbTnjnN3tXDGA5ze1qekEHyXjcvvGJbQ29qcJe9dwPpkOTggVwzrpnCtioShHHV6DvI1xER+LQlTMSRLv+ZWeGUfOGEuPHTuLN/ePo8HpWro9oS9H0Vqa3k2IEAXjFRsuOwDvnVucTRegasNHX/Wap3lLk8xD4e8TSTm4c= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1697548012; c=relaxed/simple; bh=/14hMOfrdbjyNdiy4FstCws/zVFE4wTVdJ9wq44vwUw=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=fWEr+BsyVVeJ8kqJFwIVKN+8Kp43CUfZ9CeRt55sfNDxxjCyoG7ACd67bxK05B3PGDs4uyXD0pSnGR3F/IYgpk3AJSr/de5zdydAkjJYhw50uIDA9Pn2dyDUXNheat35BdRM0XQPT7qJfgB4K2nGipVzXOO0aHoLvooPn0M+Gug= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pf1-x42d.google.com with SMTP id d2e1a72fcca58-6be840283ceso313105b3a.3 for ; Tue, 17 Oct 2023 06:06:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1697548010; x=1698152810; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Pph0HzXGubFkM72YNoRwe9rSD1jpPmNhGJehSpDJ8NU=; b=C68cT9Vsq9xEaFaYmlODNTcupoeE+/YKa7UE4buXgNrS0YR364PQEV1XcQggrtiB+l OH3dXF73VAz8EE3ATxP8fVGEXWA3ZajhU5Xoryixi6dZekNvUAklcUBgypYVQZzKg/wb kuFQWGrNbF2Y5F0tjGwXG5PtNIMiINhTXQdGOsdeCMKVK4gkIkiU2SQpQbZISzlQDPKO szTIrBA9PZzae5RED9lkaYqPst17U3gS5Bb7r8I+1J3dPFbhythKZS/za5qTrG4b727a 4QE3wXermxOQP5k5BscebHLD/1vGQULcLniWotnkPJ/Q4nNA5cTboPtXVSjddHYYGLHs v+Bw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697548010; x=1698152810; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Pph0HzXGubFkM72YNoRwe9rSD1jpPmNhGJehSpDJ8NU=; b=kGnLlk2B9CxeHWgJoCYj9gkF2/+zoZ2LeXt7LXkHTB14txm2jKgC1rSX4y4WPq1As8 5txRqbBZV4iODYQGau9UjHk7F9h4sPfu/y3iGBijQyBqGaJnwQTRd7ko83cq/pNicbBl qd/f0+d2LmE8hNzQJzVykhXjejrkHkTAqqRbq/NHAi3IwAQfkjGaViEWk31L1HLkU2Si UQnITQ/iGbDW6ina5CwC6RgQw3RE1XoVnQrZroQOO/oHAhiqdzW70PoSNAHuHaRQM1/9 Mgbz6YtDw+v2J28hTvvUl1aXpVpEN6HKEP9EkvGbGw6GxolAF8WmujSu/ysUmJ8+dlEY 3YMg== X-Gm-Message-State: AOJu0Yzj/ZA8yfiFbXUBgtro7BVZdJq+ZbsbHZa9XV4yy7QHXLAIf+Mw tzceXn6wEHLc3cZPXxvKCmHdlxvyidrPXjWsE18Duw== X-Received: by 2002:a05:6a21:7187:b0:159:fe1d:2f32 with SMTP id wq7-20020a056a21718700b00159fe1d2f32mr1825544pzb.42.1697548010002; Tue, 17 Oct 2023 06:06:50 -0700 (PDT) Received: from mandiga.. ([2804:1b3:a7c3:7f2e:11d:92b4:4d78:4197]) by smtp.gmail.com with ESMTPSA id l28-20020a635b5c000000b0056b6d1ac949sm1309788pgm.13.2023.10.17.06.06.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 17 Oct 2023 06:06:49 -0700 (PDT) From: Adhemerval Zanella To: libc-alpha@sourceware.org, Siddhesh Poyarekar Subject: [PATCH v2 17/19] elf: Add comments on how LD_AUDIT and LD_PRELOAD handle __libc_enable_secure Date: Tue, 17 Oct 2023 10:05:24 -0300 Message-Id: <20231017130526.2216827-18-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231017130526.2216827-1-adhemerval.zanella@linaro.org> References: <20231017130526.2216827-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-13.7 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+patch=linaro.org@sourceware.org To make explicit why __libc_enable_secure is not checked. Reviewed-by: Siddhesh Poyarekar --- elf/rtld.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/elf/rtld.c b/elf/rtld.c index 638b019670..d1017ba9e9 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -2563,6 +2563,10 @@ process_envvars (struct dl_main_state *state) process_dl_debug (state, &envline[6]); break; } + /* For __libc_enable_secure mode, audit pathnames containing slashes + are ignored. Also, shared audit objects are only loaded only from + the standard search directories and only if they have set-user-ID + mode bit enabled. */ if (memcmp (envline, "AUDIT", 5) == 0) audit_list_add_string (&state->audit_list, &envline[6]); break; @@ -2576,7 +2580,10 @@ process_envvars (struct dl_main_state *state) break; } - /* List of objects to be preloaded. */ + /* For __libc_enable_secure mode, preload pathnames containing slashes + are ignored. Also, shared objects are only preloaded from the + standard search directories and only if they have set-user-ID mode + bit enabled. */ if (memcmp (envline, "PRELOAD", 7) == 0) { state->preloadlist = &envline[8];