1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/patches/glibc/2.1.3/rh62-06-glibc-2.1.3-preload.patch Sat Jul 28 21:34:41 2007 +0000
1.3 @@ -0,0 +1,86 @@
1.4 +2001-01-08 Ulrich Drepper <drepper@redhat.com>
1.5 +
1.6 + * elf/rtld.c (process_envvars): Place output files for profiling
1.7 + in SUID binaries in /var/profile.
1.8 +
1.9 + * elf/dl-load.c (_dl_map_object): Don't look in cache for
1.10 + preloading in SUID binaries.
1.11 +
1.12 + * elf/dl-profile.c (_dl_start_profile): Open the output file with
1.13 + O_NOFOLLOW if possible.
1.14 +
1.15 + * sysdeps/generic/segfault.c (install_handler): Check output file
1.16 + name with access().
1.17 +
1.18 +--- libc/elf/rtld.c 2000/03/15 05:42:01 1.148.2.7
1.19 ++++ libc/elf/rtld.c 2001/01/10 07:45:19
1.20 +@@ -1273,7 +1273,7 @@
1.21 + char *debug_output = NULL;
1.22 +
1.23 + /* This is the default place for profiling data file. */
1.24 +- _dl_profile_output = "/var/tmp";
1.25 ++ _dl_profile_output = __libc_enable_secure ? "/var/profile" : "/var/tmp";
1.26 +
1.27 + while ((envline = _dl_next_ld_env_entry (&runp)) != NULL)
1.28 + {
1.29 +--- libc/elf/dl-load.c 1999/11/20 02:26:38 1.103.2.5
1.30 ++++ libc/elf/dl-load.c 2001/01/10 07:45:20
1.31 +@@ -1338,7 +1338,7 @@
1.32 + if (fd == -1 && env_path_list != NULL)
1.33 + fd = open_path (name, namelen, preloaded, env_path_list, &realname);
1.34 +
1.35 +- if (fd == -1)
1.36 ++ if (fd == -1 && (! preloaded || ! __libc_enable_secure))
1.37 + {
1.38 + /* Check the list of libraries in the file /etc/ld.so.cache,
1.39 + for compatibility with Linux's ldconfig program. */
1.40 +--- libc/elf/dl-profile.c 1998/06/07 13:35:48 1.14
1.41 ++++ libc/elf/dl-profile.c 2001/01/10 07:45:21
1.42 +@@ -263,7 +263,12 @@
1.43 + *cp++ = '/';
1.44 + __stpcpy (__stpcpy (cp, _dl_profile), ".profile");
1.45 +
1.46 +- fd = __open (filename, O_RDWR | O_CREAT, 0666);
1.47 ++#ifdef O_NOFOLLOW
1.48 ++# define EXTRA_FLAGS | O_NOFOLLOW
1.49 ++#else
1.50 ++# define EXTRA_FLAGS
1.51 ++#endif
1.52 ++ fd = __open (filename, O_RDWR | O_CREAT EXTRA_FLAGS, 0666);
1.53 + if (fd == -1)
1.54 + {
1.55 + /* We cannot write the profiling data so don't do anything. */
1.56 +--- libc/sysdeps/generic/segfault.c 2000/03/21 04:53:40 1.10.2.2
1.57 ++++ libc/sysdeps/generic/segfault.c 2001/01/10 07:45:22
1.58 +@@ -236,6 +236,7 @@
1.59 +
1.60 + /* Preserve the output file name if there is any given. */
1.61 + name = getenv ("SEGFAULT_OUTPUT_NAME");
1.62 +- if (name != NULL && name[0] != '\0')
1.63 ++ if (name != NULL && name[0] != '\0'
1.64 ++ && (!__libc_enable_secure || access (name, R_OK | W_OK) == 0))
1.65 + fname = __strdup (name);
1.66 + }
1.67 +
1.68 +--- libc/sysdeps/unix/sysv/linux/i386/dl-librecon.h.jj Wed Feb 24 23:01:58 1999
1.69 ++++ libc/sysdeps/unix/sysv/linux/i386/dl-librecon.h Mon Jan 15 04:30:57 2001
1.70 +@@ -49,13 +49,17 @@
1.71 + /* Recognizing extra environment variables. */
1.72 + #define EXTRA_LD_ENVVARS \
1.73 + case 15: \
1.74 +- if (memcmp (&envline[3], "LIBRARY_VERSION", 15) == 0) \
1.75 ++ if (!__libc_enable_secure \
1.76 ++ && memcmp (&envline[3], "LIBRARY_VERSION", 15) == 0) \
1.77 + { \
1.78 + _dl_correct_cache_id = envline[19] == '5' ? 2 : 3; \
1.79 + break; \
1.80 + }
1.81 +
1.82 + /* Extra unsecure variables. */
1.83 +-#define EXTRA_UNSECURE_ENVVARS "LD_AOUT_LIBRARY_PATH", "LD_AOUT_PRELOAD"
1.84 ++#define EXTRA_UNSECURE_ENVVARS \
1.85 ++ "LD_AOUT_LIBRARY_PATH", \
1.86 ++ "LD_AOUT_PRELOAD", \
1.87 ++ "LD_LIBRARY_VERSION"
1.88 +
1.89 + #endif /* dl-librecon.h */