This is the mail archive of the libc-hacker@sourceware.cygnus.com mailing list for the glibc project.

Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.



[PATCH] Fix rtld segfault in SUID/SGID binaries


Hi!

If a user runs a suid/sgid program with LD_LIBRARY_PATH set, so that all
fields of it go away because they are insecure, open_path segfaults because
it does not expect the path list to be empty.
We can either fix open_path to use a while () {} loop instead of do {} while (),
or make sure env_path_list is killed if it has 0 list. I don't think
RPATH/RUNPATH can have 0 elements, so IMHO it is better not to slow down
things for all 3 cases but only for LD_LIBRARY_PATH.

2000-05-22  Jakub Jelinek  <jakub@redhat.com>

	* elf/dl-load.c (_dl_init_paths): If env_path_list has 0 elements,
	free it and set to (void *) -1.

--- libc/elf/dl-load.c.jj	Tue May  9 13:47:25 2000
+++ libc/elf/dl-load.c	Mon May 22 14:43:19 2000
@@ -636,6 +636,11 @@ _dl_init_paths (const char *llp)
 
       (void) fillin_rpath (local_strdup (llp), env_path_list, ":;",
 			   __libc_enable_secure, "LD_LIBRARY_PATH", NULL);
+      if (env_path_list[0] == NULL)
+	{
+	  free (env_path_list);
+	  env_path_list = (void *) -1;
+	}
     }
   else
     env_path_list = (void *) -1;
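
Review bot: the new `if (env_path_list[0] == NULL)` block has no comment saying why the list can be empty at this point. A short comment would help: with `__libc_enable_secure` set, fillin_rpath may drop every LD_LIBRARY_PATH element, and the code that walks the list expects at least one entry. With this change `(void *) -1` is assigned in two branches, so a named constant for the "no list" sentinel would keep the two in sync. The `free (env_path_list)` releases the array only; it is worth confirming that the copy made by `local_strdup (llp)` is not left allocated when all elements are discarded.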

	Jakub
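
The failure mode described in the message, as an added C model that is not glibc code and not part of the original post: a do/while walk over a NULL-terminated list that has lost all its entries, and the sentinel guard that keeps the walk from ever seeing it. The names `filter_paths`, `init_env_list`, `search` and `NO_LIST`, the `/usr/lib/` trust rule and the sample paths are assumptions made for the illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Sentinel for "no list to search", the same value the patch stores. */
#define NO_LIST ((const char **) -1)

/* Constructed sample inputs. */
static const char *const untrusted[] = { "/tmp/mylibs", "./lib", NULL };
static const char *const mixed[] = { "/tmp/mylibs", "/usr/lib/app", NULL };

/* Hypothetical secure-mode filter: when `secure` is set, keep only entries
   under /usr/lib/.  Returns a malloc'd NULL-terminated array.  */
static const char **filter_paths(const char *const *in, int secure)
{
    size_t n = 0, k = 0;
    while (in[n] != NULL) n++;
    const char **out = malloc((n + 1) * sizeof *out);
    if (out == NULL) return NO_LIST;
    for (size_t i = 0; i < n; i++)
        if (!secure || strncmp(in[i], "/usr/lib/", 9) == 0)
            out[k++] = in[i];
    out[k] = NULL;
    return out;
}

/* The guard from the patch: a list with 0 elements becomes the sentinel. */
static const char **init_env_list(const char *const *in, int secure)
{
    const char **list = filter_paths(in, secure);
    if (list != NO_LIST && list[0] == NULL) {
        free(list);
        list = NO_LIST;
    }
    return list;
}

/* do/while walk that assumes at least one element; returns entries visited.
   Without the guard above, an empty list reaches strlen(NULL) here.  */
static size_t search(const char **list)
{
    size_t visited = 0;
    if (list == NO_LIST) return 0;  /* caller-side sentinel check, folded in */
    do {
        visited += strlen(*list) > 0;
    } while (*++list != NULL);
    return visited;
}

int main(void) { return search(init_env_list(untrusted, 1)) != 0 || search(init_env_list(mixed, 1)) != 1; }
```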
