generic-library/bionic
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

linker: only re-open std* for setuid programs.

Browse Source 
get_AT_SECURE() was getting called before linker_env_init() had
been called, and returning the default value ("true"). This was
causing us to reopen closed stdin, stdout, and stderr for ALL
processes, not just privileged (setuid) processes.

Calling path:
  - __linker_init
    - soinfo_link_image
      - get_AT_SECURE
    - __linker_init_post_relocation
      - linker_env_init

This change restores the intended behavior of only re-opening
stdin, stdout, and stderr for privileged processes.

Change-Id: I8b085ea6597710ac4c1a3c93f1bf8b81eecb08c0
This commit is contained in:
Nick Kralevich 2013-04-25 13:15:24 -07:00
parent 87efcd2e63
commit 8d3e91d4f8
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
linker/linker.cpp
View File

@ -1595,11 +1595,6 @@ static bool soinfo_link_image(soinfo* si) {
return false;
}
// If this is a setuid/setgid program, close the security hole described in
// ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc
if (get_AT_SECURE()) {
nullify_closed_stdio();
}
notify_gdb_of_load(si);
return true;
}
@ -1628,6 +1623,12 @@ static Elf32_Addr __linker_init_post_relocation(KernelArgumentBlock& args, Elf32
// Initialize environment functions, and get to the ELF aux vectors table.
linker_env_init(args);
// If this is a setuid/setgid program, close the security hole described in
// ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc
if (get_AT_SECURE()) {
nullify_closed_stdio();
}
debuggerd_init();
// Get a few environment variables.