From patchwork Mon Dec 18 22:41:45 2017
X-Patchwork-Submitter: "Dmitry V. Levin"
X-Patchwork-Id: 850463
Date: Tue, 19 Dec 2017 01:41:45 +0300
From: "Dmitry V. Levin"
To: libc-alpha@sourceware.org
Subject: [PATCH] elf: remove redundant __libc_enable_secure check from fillin_rpath
Message-ID: <20171218224145.GB26303@altlinux.org>

There are just two users of fillin_rpath: one is decompose_rpath that sets check_trusted argument to 0, another one is _dl_init_paths that sets check_trusted argument to __libc_enable_secure and invokes fillin_rpath only when LD_LIBRARY_PATH is non-empty.

Starting with commit glibc-2.25.90-512-gf6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d, LD_LIBRARY_PATH is ignored for __libc_enable_secure executables, so check_trusted argument of fillin_rpath is always zero.

* elf/dl-load.c (is_trusted_path): Remove.
(fillin_rpath): Remove check_trusted argument and its use, all callers changed.
---
 ChangeLog     |  6 ++++++
 elf/dl-load.c | 33 +++------------------------------
 2 files changed, 9 insertions(+), 30 deletions(-)

diff --git a/elf/dl-load.c b/elf/dl-load.c
index e7d97dc..2964464 100644
--- a/elf/dl-load.c
+++ b/elf/dl-load.c
@@ -117,24 +117,6 @@ static const size_t system_dirs_len[] = #define nsystem_dirs_len array_length (system_dirs_len) static bool -is_trusted_path (const char *path, size_t len) -{ - const char *trun = system_dirs; - - for (size_t idx = 0; idx < nsystem_dirs_len; ++idx) - { - if (len == system_dirs_len[idx] && memcmp (trun, path, len) == 0) - /* Found it. */ - return true; - - trun += system_dirs_len[idx] + 1; - } - - return false; -} - - -static bool is_trusted_path_normalize (const char *path, size_t len) { if (len == 0) @@ -428,8 +410,7 @@ static size_t max_dirnamelen; static struct r_search_path_elem ** fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep, - int check_trusted, const char *what, const char *where, - struct link_map *l) + const char *what, const char *where, struct link_map *l) { char *cp; size_t nelems = 0; @@ -459,13 +440,6 @@ fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep, if (len > 0 && cp[len - 1] != '/') cp[len++] = '/'; - /* Make sure we don't use untrusted directories if we run SUID. */ - if (__glibc_unlikely (check_trusted) && !is_trusted_path (cp, len)) - { - free (to_free); - continue; - } - /* See if this directory is already known. */ for (dirp = GL(dl_all_dirs); dirp != NULL; dirp = dirp->next) if (dirp->dirnamelen == len && memcmp (cp, dirp->dirname, len) == 0) @@ -614,7 +588,7 @@ decompose_rpath (struct r_search_path_struct *sps, _dl_signal_error (ENOMEM, NULL, NULL, errstring); } - fillin_rpath (copy, result, ":", 0, what, where, l); + fillin_rpath (copy, result, ":", what, where, l); /* Free the copied RPATH string. `fillin_rpath' make own copies if necessary. */ @@ -791,8 +765,7 @@ _dl_init_paths (const char *llp) } (void) fillin_rpath (llp_tmp, env_path_list.dirs, ":;", - __libc_enable_secure, "LD_LIBRARY_PATH", - NULL, l); + "LD_LIBRARY_PATH", NULL, l); if (env_path_list.dirs[0] == NULL) {
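Review bot: In the fillin_rpath hunk that deletes the block under "Make sure we don't use untrusted directories if we run SUID", the function loses its only trust filter and nothing in the code records why that is safe. After this change the guarantee for secure executables rests entirely on callers never handing fillin_rpath an environment-derived string, which is stated in the commit message but not at the function. Please add a comment above fillin_rpath saying that it performs no trusted-directory filtering and that callers must not pass LD_LIBRARY_PATH content when __libc_enable_secure is set, so a later change that adds a third caller does not silently reintroduce untrusted search directories.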
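Review bot: At the _dl_init_paths call in the last hunk, the string passed on is still derived from the llp parameter, and the patch shows none of the callers of _dl_init_paths (const char *llp). The argument that check_trusted "is always zero" holds only if every one of those callers passes a null or empty llp for __libc_enable_secure executables; the commit cited in the message is the only evidence given. Please either list the callers in the commit message and confirm each one, or keep the invariant checkable here, for example with an assert that __libc_enable_secure is not set on the path that reaches this fillin_rpath call. Dropping the argument is fine as cleanup, but the secure-mode property should not become something that can only be verified by reading other files.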