[PATCH V2] libc: deal with aux vect inside __uClibc_main only if !SHARED

Carmelo AMOROSO carmelo.amoroso at st.com
Wed Feb 6 14:57:36 UTC 2013 

On 14/12/2012 11.49, Filippo ARCIDIACONO wrote:
> On 12/14/2012 11:40 AM, Filippo ARCIDIACONO wrote:
>> It's not safe to use the aux vect inside __uClibc_main if we are running
>> with shared libraries, because it could have been already modified.
>> For example, if some constructor plays with environment variables by
>> using unsetenv, the modifications done into the stack to unset an
>> environment variable, have impacts on the aux vect due to the extra NULL
>> entries added.
>> Due to this, __uClibc_main is not able to detect where the aux vect
>> starts, so all the entries that are used by __uClibc_main (AT_UID,
>> AT_EUID, AT_GID, AT_EGID, AT_PAGESZ and possibly other arch specific)
>> are impacted.
>>
>> Same side effect on the aux vect is caused by the ld.so when running a
>> SUID program with some of the unsecure environment variables set, that
>> will be unset by the ld.so itself.
>>
>> In order to fix this issue, it needs to handle aux vect entries into
>> __uClibc_main only if SHARED is not defined.
>> In SHARED case, libc refers to __dl_secure and _dl_pagesize as
>> initialised
>> by the ld.so where the aux vext is still untouched.
>>
>> Signed-off-by: Filippo Arcidiacono <filippo.arcidiacono at st.com>
>> Reviewed-by: Carmelo Amoroso <carmelo.amoroso at st.com>
>> ---
>>   ldso/ldso/ldso.c                    |    2 +-
>>   libc/misc/elf/dl-support.c          |    4 ++++
>>   libc/misc/internals/__uClibc_main.c |   22 ++++++++++++++++------
>>   3 files changed, 21 insertions(+), 7 deletions(-)
>>
> [SNIP]
> 
> Please consider this version.
> It fixes last minute build problem and avoid some compiler warning.
> 
> regards,
> Filippo.

Hello,
I'd like to have some other feedback on this before committing.
I have reviewed this Filippo during the debug, so my opinion is not
"neutral" ;-)

Cheers,
Carmelo

> _______________________________________________
> uClibc mailing list
> uClibc at uclibc.org
> http://lists.busybox.net/mailman/listinfo/uclibc
> 
>

More information about the uClibc mailing list