prepare support for LD_LIBRARY_PATH (checking suid/sgid safety)

the use of this test will be much stricter than glibc and other
typical implementations; the environment will not be honored
whatsoever unless the program is confirmed non-suid/sgid by the aux
vector the kernel passed in. no fallback to slow syscall-based
checking is used if the kernel fails to provide the information; we
simply assume the worst (suid) in this case and refuse to honor
environment.

diff --git a/src/ldso/dynlink.c b/src/ldso/dynlink.c
index 8ade0737f4af23301610cea363f44c524f4e50fa..b308b875f995c0a06e5b24dfafc9cc40f3a0cd1a 100644 (file)
--- a/src/ldso/dynlink.c
+++ b/src/ldso/dynlink.c
@@ -48,6 +48,7 @@ struct dso
 };
 
 static struct dso *head, *tail, *libc;
+static int trust_env;
 
 #define AUX_CNT 15
 #define DYN_CNT 34
@@ -373,6 +374,11 @@ void *__dynlink(int argc, char **argv, size_t *got)
 
        /* At this point the standard library is fully functional */
 
+       /* Only trust user/env if kernel says we're not suid/sgid */
+       trust_env = (aux[0]&0x7800)==0x7800
+               && aux[AT_UID]==aux[AT_EUID]
+               && aux[AT_GID]==aux[AT_EGID];
+
        head = tail = &app;
        libc = &lib;
        app.next = 0;