[PATCH nptl] ldso: Add config option for controlling LD_PRELOAD
Carmelo AMOROSO
carmelo.amoroso at st.com
Wed Apr 14 05:24:46 UTC 2010
On hardened system it could be useful to disable the use
of LD_PRELOAD environment variable for preloading shared objects
before the system libraries. So this patch add a config option,
LDSO_PRELOAD_ENV_SUPPORT, to control this behaviour.
It is enabled by default.
Signed-off-by: Carmelo Amoroso <carmelo.amoroso at st.com>
---
extra/Configs/Config.in | 12 ++++++++++++
ldso/ldso/ldso.c | 8 ++++++++
2 files changed, 20 insertions(+), 0 deletions(-)
diff --git a/extra/Configs/Config.in b/extra/Configs/Config.in
index 90094ca..13e0d17 100644
--- a/extra/Configs/Config.in
+++ b/extra/Configs/Config.in
@@ -309,6 +309,18 @@ config LDSO_PRELOAD_FILE_SUPPORT
whitespace separated list of shared libraries to be loaded before
the program.
+config LDSO_PRELOAD_ENV_SUPPORT
+ bool "Enable library loader LD_PRELOAD environment"
+ depends on HAVE_SHARED
+ default y
+ help
+ Enable this to make use of LD_PRELOAD environment variable.
+ A whitespace-separated list of additional, user-specified, ELF shared
+ libraries to be loaded before all others. This can be used to
+ selectively override functions in other shared libraries. For
+ set-user-ID/set-group-ID ELF binaries, only libraries in the standard
+ search directories that are also set-user-ID will be loaded.
+
config LDSO_BASE_FILENAME
string "Shared library loader naming prefix"
depends on HAVE_SHARED && (LDSO_CACHE_SUPPORT || LDSO_PRELOAD_FILE_SUPPORT)
diff --git a/ldso/ldso/ldso.c b/ldso/ldso/ldso.c
index 74da588..ea4ad0f 100644
--- a/ldso/ldso/ldso.c
+++ b/ldso/ldso/ldso.c
@@ -47,7 +47,9 @@
/* Global variables used within the shared library loader */
char *_dl_library_path = NULL; /* Where we look for libraries */
+#ifdef __LDSO_PRELOAD_ENV_SUPPORT__
char *_dl_preload = NULL; /* Things to be loaded before the libs */
+#endif
char *_dl_ldsopath = NULL; /* Location of the shared lib loader */
int _dl_errno = 0; /* We can't use the real errno in ldso */
size_t _dl_pagesize = 0; /* Store the page size for use later */
@@ -348,7 +350,9 @@ void _dl_get_ready_to_run(struct elf_resolve *tpnt, DL_LOADADDR_TYPE load_addr,
auxvt[AT_UID].a_un.a_val == auxvt[AT_EUID].a_un.a_val &&
auxvt[AT_GID].a_un.a_val == auxvt[AT_EGID].a_un.a_val)) {
_dl_secure = 0;
+#ifdef __LDSO_PRELOAD_ENV_SUPPORT__
_dl_preload = _dl_getenv("LD_PRELOAD", envp);
+#endif
_dl_library_path = _dl_getenv("LD_LIBRARY_PATH", envp);
} else {
static const char unsecure_envvars[] =
@@ -365,7 +369,9 @@ void _dl_get_ready_to_run(struct elf_resolve *tpnt, DL_LOADADDR_TYPE load_addr,
/* We could use rawmemchr but this need not be fast. */
nextp = _dl_strchr(nextp, '\0') + 1;
} while (*nextp != '\0');
+#ifdef __LDSO_PRELOAD_ENV_SUPPORT__
_dl_preload = NULL;
+#endif
_dl_library_path = NULL;
/* SUID binaries can be exploited if they do LAZY relocation. */
unlazy = RTLD_NOW;
@@ -612,6 +618,7 @@ void _dl_get_ready_to_run(struct elf_resolve *tpnt, DL_LOADADDR_TYPE load_addr,
_dl_map_cache();
+#ifdef __LDSO_PRELOAD_ENV_SUPPORT__
if (_dl_preload) {
char c, *str, *str2;
@@ -667,6 +674,7 @@ void _dl_get_ready_to_run(struct elf_resolve *tpnt, DL_LOADADDR_TYPE load_addr,
str++;
}
}
+#endif /* __LDSO_PRELOAD_ENV_SUPPORT__ */
#ifdef __LDSO_PRELOAD_FILE_SUPPORT__
do {
--
1.6.3.3
More information about the uClibc
mailing list