ldso: move the suid/secure check code closer to env/auxv processing

this does not change behavior, but the idea is to avoid letting other
code build up between these two points, whereby the environment
variables might get used before security it checked.

diff --git a/src/ldso/dynlink.c b/src/ldso/dynlink.c
index 390f50baeddf9adc5b9dca8968ace0e2f22955af..57a5ba46044264374b77889108e14e7dd9a163bf 100644 (file)
--- a/src/ldso/dynlink.c
+++ b/src/ldso/dynlink.c
@@ -482,13 +482,6 @@ void *__dynlink(int argc, char **argv, size_t *got)
 
        decode_vec(auxv, aux, AUX_CNT);
 
-       for (i=0; auxv[i]; i+=2) {
-               if (auxv[i]==AT_SYSINFO_EHDR) {
-                       vdso_base = auxv[i+1];
-                       break;
-               }
-       }
-
        /* Only trust user/env if kernel says we're not suid/sgid */
        if ((aux[0]&0x7800)!=0x7800 || aux[AT_UID]!=aux[AT_EUID]
          || aux[AT_GID]!=aux[AT_EGID] || aux[AT_SECURE]) {
@@ -496,6 +489,13 @@ void *__dynlink(int argc, char **argv, size_t *got)
                env_preload = 0;
        }
 
+       for (i=0; auxv[i]; i+=2) {
+               if (auxv[i]==AT_SYSINFO_EHDR) {
+                       vdso_base = auxv[i+1];
+                       break;
+               }
+       }
+
        /* Relocate ldso's DYNAMIC pointer and load vector */
        decode_vec((void *)(got[0] += aux[AT_BASE]), lib_dyn, DYN_CNT);