From 8d3e91d4f842911366155845afb3cfbdad0b4cad Mon Sep 17 00:00:00 2001 From: Nick Kralevich Date: Thu, 25 Apr 2013 13:15:24 -0700 Subject: [PATCH] linker: only re-open std* for setuid programs. get_AT_SECURE() was getting called before linker_env_init() had been called, and returning the default value ("true"). This was causing us to reopen closed stdin, stdout, and stderr for ALL processes, not just privileged (setuid) processes. Calling path: - __linker_init - soinfo_link_image - get_AT_SECURE - __linker_init_post_relocation - linker_env_init This change restores the intended behavior of only re-opening stdin, stdout, and stderr for privileged processes. Change-Id: I8b085ea6597710ac4c1a3c93f1bf8b81eecb08c0
---
 linker/linker.cpp | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/linker/linker.cpp b/linker/linker.cpp
index 47c45eb0b..3ce75f106 100644
--- a/linker/linker.cpp
+++ b/linker/linker.cpp
@@ -1595,11 +1595,6 @@ static bool soinfo_link_image(soinfo* si) {
 return false;
 }
 
- // If this is a setuid/setgid program, close the security hole described in
- // ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc
- if (get_AT_SECURE()) {
- nullify_closed_stdio();
- }
 notify_gdb_of_load(si);
 return true;
 }
@@ -1628,6 +1623,12 @@ static Elf32_Addr __linker_init_post_relocation(KernelArgumentBlock& args, Elf32
 // Initialize environment functions, and get to the ELF aux vectors table.
 linker_env_init(args);
 
+ // If this is a setuid/setgid program, close the security hole described in
+ // ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc
+ if (get_AT_SECURE()) {
+ nullify_closed_stdio();
+ }
+
 debuggerd_init();

 // Get a few environment variables.
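Review bot: Nothing at the new call site in __linker_init_post_relocation records that the `get_AT_SECURE()` check depends on sitting after `linker_env_init(args)`; per the commit message an earlier call returns the default ("true"), so a later reordering would silently bring back the behaviour this commit removes. I would extend the comment with `// Must run after linker_env_init(): get_AT_SECURE() returns its default (true) until then.` and `// Keep this ahead of anything that may open a file descriptor.` The second line matters because the FreeBSD-SA-02:23 mitigation only helps a setuid/setgid program if descriptors 0-2 are filled before other code can open a file onto them; the visible lines place it before `debuggerd_init()`, which looks right, but the enclosing function starts and ends outside this hunk, so whether anything earlier opens a descriptor cannot be confirmed from here. The result of `nullify_closed_stdio()` is also not inspected at this call; its definition is not shown, so confirm whether it can report failure and, if it can, whether a privileged process should be allowed to continue.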