Diffstat (limited to 'base/glibc/glibc-2.12.1-require-suid-on-audit.patch')
-rw-r--r--base/glibc/glibc-2.12.1-require-suid-on-audit.patch218
1 files changed, 0 insertions, 218 deletions
diff --git a/base/glibc/glibc-2.12.1-require-suid-on-audit.patch b/base/glibc/glibc-2.12.1-require-suid-on-audit.patch
deleted file mode 100644
index b01dd14e5..000000000
--- a/base/glibc/glibc-2.12.1-require-suid-on-audit.patch
+++ /dev/null
@@ -1,218 +0,0 @@
-From 8e9f92e9d5d7737afdacf79b76d98c4c42980508 Mon Sep 17 00:00:00 2001
-From: Andreas Schwab <schwab@redhat.com>
-Date: Sun, 24 Oct 2010 21:43:15 -0400
-Subject: [PATCH 1/1] Require suid bit on audit objects in privileged programs
-
----
- ChangeLog | 15 +++++++++++++++
- elf/dl-deps.c | 2 +-
- elf/dl-load.c | 20 +++++++++++---------
- elf/dl-open.c | 2 +-
- elf/rtld.c | 16 +++++++---------
- include/dlfcn.h | 1 +
- sysdeps/generic/ldsodefs.h | 6 ++----
- 7 files changed, 38 insertions(+), 24 deletions(-)
-
-diff --git a/elf/dl-deps.c b/elf/dl-deps.c
-index a58de5c..a51fb6e 100644
---- a/elf/dl-deps.c
-+++ b/elf/dl-deps.c
-@@ -62,7 +62,7 @@ openaux (void *a)
- {
- struct openaux_args *args = (struct openaux_args *) a;
-
-- args->aux = _dl_map_object (args->map, args->name, 0,
-+ args->aux = _dl_map_object (args->map, args->name,
- (args->map->l_type == lt_executable
- ? lt_library : args->map->l_type),
- args->trace_mode, args->open_mode,
-diff --git a/elf/dl-load.c b/elf/dl-load.c
-index a7162eb..aa8738f 100644
---- a/elf/dl-load.c
-+++ b/elf/dl-load.c
-@@ -1812,7 +1812,7 @@ open_verify (const char *name, struct filebuf *fbp, struct link_map *loader,
- if MAY_FREE_DIRS is true. */
-
- static int
--open_path (const char *name, size_t namelen, int preloaded,
-+open_path (const char *name, size_t namelen, int secure,
- struct r_search_path_struct *sps, char **realname,
- struct filebuf *fbp, struct link_map *loader, int whatcode,
- bool *found_other_class)
-@@ -1894,7 +1894,7 @@ open_path (const char *name, size_t namelen, int preloaded,
- /* Remember whether we found any existing directory. */
- here_any |= this_dir->status[cnt] != nonexisting;
-
-- if (fd != -1 && __builtin_expect (preloaded, 0)
-+ if (fd != -1 && __builtin_expect (secure, 0)
- && INTUSE(__libc_enable_secure))
- {
- /* This is an extra security effort to make sure nobody can
-@@ -1963,7 +1963,7 @@ open_path (const char *name, size_t namelen, int preloaded,
-
- struct link_map *
- internal_function
--_dl_map_object (struct link_map *loader, const char *name, int preloaded,
-+_dl_map_object (struct link_map *loader, const char *name,
- int type, int trace_mode, int mode, Lmid_t nsid)
- {
- int fd;
-@@ -2067,7 +2067,8 @@ _dl_map_object (struct link_map *loader, const char *name, int preloaded,
- for (l = loader; l; l = l->l_loader)
- if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
- {
-- fd = open_path (name, namelen, preloaded, &l->l_rpath_dirs,
-+ fd = open_path (name, namelen, mode & __RTLD_SECURE,
-+ &l->l_rpath_dirs,
- &realname, &fb, loader, LA_SER_RUNPATH,
- &found_other_class);
- if (fd != -1)
-@@ -2082,14 +2083,15 @@ _dl_map_object (struct link_map *loader, const char *name, int preloaded,
- && main_map != NULL && main_map->l_type != lt_loaded
- && cache_rpath (main_map, &main_map->l_rpath_dirs, DT_RPATH,
- "RPATH"))
-- fd = open_path (name, namelen, preloaded, &main_map->l_rpath_dirs,
-+ fd = open_path (name, namelen, mode & __RTLD_SECURE,
-+ &main_map->l_rpath_dirs,
- &realname, &fb, loader ?: main_map, LA_SER_RUNPATH,
- &found_other_class);
- }
-
- /* Try the LD_LIBRARY_PATH environment variable. */
- if (fd == -1 && env_path_list.dirs != (void *) -1)
-- fd = open_path (name, namelen, preloaded, &env_path_list,
-+ fd = open_path (name, namelen, mode & __RTLD_SECURE, &env_path_list,
- &realname, &fb,
- loader ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded,
- LA_SER_LIBPATH, &found_other_class);
-@@ -2098,12 +2100,12 @@ _dl_map_object (struct link_map *loader, const char *name, int preloaded,
- if (fd == -1 && loader != NULL
- && cache_rpath (loader, &loader->l_runpath_dirs,
- DT_RUNPATH, "RUNPATH"))
-- fd = open_path (name, namelen, preloaded,
-+ fd = open_path (name, namelen, mode & __RTLD_SECURE,
- &loader->l_runpath_dirs, &realname, &fb, loader,
- LA_SER_RUNPATH, &found_other_class);
-
- if (fd == -1
-- && (__builtin_expect (! preloaded, 1)
-+ && (__builtin_expect (! (mode & __RTLD_SECURE), 1)
- || ! INTUSE(__libc_enable_secure)))
- {
- /* Check the list of libraries in the file /etc/ld.so.cache,
-@@ -2169,7 +2171,7 @@ _dl_map_object (struct link_map *loader, const char *name, int preloaded,
- && ((l = loader ?: GL(dl_ns)[nsid]._ns_loaded) == NULL
- || __builtin_expect (!(l->l_flags_1 & DF_1_NODEFLIB), 1))
- && rtld_search_dirs.dirs != (void *) -1)
-- fd = open_path (name, namelen, preloaded, &rtld_search_dirs,
-+ fd = open_path (name, namelen, mode & __RTLD_SECURE, &rtld_search_dirs,
- &realname, &fb, l, LA_SER_DEFAULT, &found_other_class);
-
- /* Add another newline when we are tracing the library loading. */
-diff --git a/elf/dl-open.c b/elf/dl-open.c
-index c394b3f..cf8e8cc 100644
---- a/elf/dl-open.c
-+++ b/elf/dl-open.c
-@@ -223,7 +223,7 @@ dl_open_worker (void *a)
-
- /* Load the named object. */
- struct link_map *new;
-- args->map = new = _dl_map_object (call_map, file, 0, lt_loaded, 0,
-+ args->map = new = _dl_map_object (call_map, file, lt_loaded, 0,
- mode | __RTLD_CALLMAP, args->nsid);
-
- /* If the pointer returned is NULL this means the RTLD_NOLOAD flag is
-diff --git a/elf/rtld.c b/elf/rtld.c
-index 5ecc4fe..06b534a 100644
---- a/elf/rtld.c
-+++ b/elf/rtld.c
-@@ -589,7 +589,6 @@ struct map_args
- /* Argument to map_doit. */
- char *str;
- struct link_map *loader;
-- int is_preloaded;
- int mode;
- /* Return value of map_doit. */
- struct link_map *map;
-@@ -627,16 +626,17 @@ static void
- map_doit (void *a)
- {
- struct map_args *args = (struct map_args *) a;
-- args->map = _dl_map_object (args->loader, args->str,
-- args->is_preloaded, lt_library, 0, args->mode,
-- LM_ID_BASE);
-+ args->map = _dl_map_object (args->loader, args->str, lt_library, 0,
-+ args->mode, LM_ID_BASE);
- }
-
- static void
- dlmopen_doit (void *a)
- {
- struct dlmopen_args *args = (struct dlmopen_args *) a;
-- args->map = _dl_open (args->fname, RTLD_LAZY | __RTLD_DLOPEN | __RTLD_AUDIT,
-+ args->map = _dl_open (args->fname,
-+ (RTLD_LAZY | __RTLD_DLOPEN | __RTLD_AUDIT
-+ | __RTLD_SECURE),
- dl_main, LM_ID_NEWLM, _dl_argc, INTUSE(_dl_argv),
- __environ);
- }
-@@ -806,8 +806,7 @@ do_preload (char *fname, struct link_map *main_map, const char *where)
-
- args.str = fname;
- args.loader = main_map;
-- args.is_preloaded = 1;
-- args.mode = 0;
-+ args.mode = __RTLD_SECURE;
-
- unsigned int old_nloaded = GL(dl_ns)[LM_ID_BASE]._ns_nloaded;
-
-@@ -1054,7 +1053,6 @@ of this helper program; chances are you did not intend to run this program.\n\
-
- args.str = rtld_progname;
- args.loader = NULL;
-- args.is_preloaded = 0;
- args.mode = __RTLD_OPENEXEC;
- (void) _dl_catch_error (&objname, &err_str, &malloced, map_doit,
- &args);
-@@ -1066,7 +1064,7 @@ of this helper program; chances are you did not intend to run this program.\n\
- else
- {
- HP_TIMING_NOW (start);
-- _dl_map_object (NULL, rtld_progname, 0, lt_library, 0,
-+ _dl_map_object (NULL, rtld_progname, lt_library, 0,
- __RTLD_OPENEXEC, LM_ID_BASE);
- HP_TIMING_NOW (stop);
-
-diff --git a/include/dlfcn.h b/include/dlfcn.h
-index a67426d..af92483 100644
---- a/include/dlfcn.h
-+++ b/include/dlfcn.h
-@@ -9,6 +9,7 @@
- #define __RTLD_OPENEXEC 0x20000000
- #define __RTLD_CALLMAP 0x10000000
- #define __RTLD_AUDIT 0x08000000
-+#define __RTLD_SECURE 0x04000000 /* Apply additional security checks. */
-
- #define __LM_ID_CALLER -2
-
-diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h
-index fcc943b..fa4b6b2 100644
---- a/sysdeps/generic/ldsodefs.h
-+++ b/sysdeps/generic/ldsodefs.h
-@@ -824,11 +824,9 @@ extern void _dl_receive_error (receiver_fct fct, void (*operate) (void *),
-
- /* Open the shared object NAME and map in its segments.
- LOADER's DT_RPATH is used in searching for NAME.
-- If the object is already opened, returns its existing map.
-- For preloaded shared objects PRELOADED is set to a non-zero
-- value to allow additional security checks. */
-+ If the object is already opened, returns its existing map. */
- extern struct link_map *_dl_map_object (struct link_map *loader,
-- const char *name, int preloaded,
-+ const char *name,
- int type, int trace_mode, int mode,
- Lmid_t nsid)
- internal_function attribute_hidden;
---
-1.7.2
-