author | guenther <guenther@openbsd.org> | 2019-12-17 03:16:07 +0000 |
---|---|---|
committer | guenther <guenther@openbsd.org> | 2019-12-17 03:16:07 +0000 |
commit | 4b65c70c5e05dc7a3d5ef502a5b4dc938ecf3bc5 (patch) | |
tree | d795b6168d3b4993e406421e9fa47f4edb738cba /libexec | |
parent | Add back some SOCK_DNS to socket() calls, and add a few more while (diff) | |
download | wireguard-openbsd-4b65c70c5e05dc7a3d5ef502a5b4dc938ecf3bc5.tar.xz wireguard-openbsd-4b65c70c5e05dc7a3d5ef502a5b4dc938ecf3bc5.zip |
Don't look up env variables until we know we'll trust them. Otherwise,
just delete them without looking.
ok millert@
Diffstat (limited to 'libexec')
-rw-r--r-- | libexec/ld.so/loader.c | 53 |
1 files changed, 21 insertions, 32 deletions
diff --git a/libexec/ld.so/loader.c b/libexec/ld.so/loader.c
index bf62da51bbe..f63825ff231 100644
--- a/libexec/ld.so/loader.c
+++ b/libexec/ld.so/loader.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: loader.c,v 1.189 2019/12/11 18:27:54 millert Exp $ */
+/* $OpenBSD: loader.c,v 1.190 2019/12/17 03:16:07 guenther Exp $ */
 /*
 * Copyright (c) 1998 Per Fogelstrom, Opsycon AB
@@ -262,46 +262,35 @@ _dl_dopreload(char *paths)
 void
 _dl_setup_env(const char *argv0, char **envp)
 {
- char *libpath;
 static char progname_storage[NAME_MAX+1] = "";
 /*
- * Get paths to various things we are going to use.
- */
- _dl_debug = _dl_getenv("LD_DEBUG", envp) != NULL;
- libpath = _dl_getenv("LD_LIBRARY_PATH", envp);
- _dl_preload = _dl_getenv("LD_PRELOAD", envp);
- _dl_bindnow = _dl_getenv("LD_BIND_NOW", envp) != NULL;
- _dl_traceld = _dl_getenv("LD_TRACE_LOADED_OBJECTS", envp) != NULL;
- _dl_tracefmt1 = _dl_getenv("LD_TRACE_LOADED_OBJECTS_FMT1", envp);
- _dl_tracefmt2 = _dl_getenv("LD_TRACE_LOADED_OBJECTS_FMT2", envp);
- _dl_traceprog = _dl_getenv("LD_TRACE_LOADED_OBJECTS_PROGNAME", envp);
-
- /*
 * Don't allow someone to change the search paths if he runs
 * a suid program without credentials high enough.
 */
 _dl_trust = !_dl_issetugid();
 if (!_dl_trust) { /* Zap paths if s[ug]id... */
- if (libpath) {
- libpath = NULL;
- _dl_unsetenv("LD_LIBRARY_PATH", envp);
- }
- if (_dl_preload) {
- _dl_preload = NULL;
- _dl_unsetenv("LD_PRELOAD", envp);
- }
- if (_dl_bindnow) {
- _dl_bindnow = 0;
- _dl_unsetenv("LD_BIND_NOW", envp);
- }
- if (_dl_debug) {
- _dl_debug = 0;
- _dl_unsetenv("LD_DEBUG", envp);
- }
+ _dl_unsetenv("LD_DEBUG", envp);
+ _dl_unsetenv("LD_LIBRARY_PATH", envp);
+ _dl_unsetenv("LD_PRELOAD", envp);
+ _dl_unsetenv("LD_BIND_NOW", envp);
+ } else {
+ /*
+ * Get paths to various things we are going to use.
+ */
+ _dl_debug = _dl_getenv("LD_DEBUG", envp) != NULL;
+ _dl_libpath = _dl_split_path(_dl_getenv("LD_LIBRARY_PATH",
+ envp));
+ _dl_preload = _dl_getenv("LD_PRELOAD", envp);
+ _dl_bindnow = _dl_getenv("LD_BIND_NOW", envp) != NULL;
 }
- if (libpath)
- _dl_libpath = _dl_split_path(libpath);
+
+ /* these are usable even in setugid processes */
+ _dl_traceld = _dl_getenv("LD_TRACE_LOADED_OBJECTS", envp) != NULL;
+ _dl_tracefmt1 = _dl_getenv("LD_TRACE_LOADED_OBJECTS_FMT1", envp);
+ _dl_tracefmt2 = _dl_getenv("LD_TRACE_LOADED_OBJECTS_FMT2", envp);
+ _dl_traceprog = _dl_getenv("LD_TRACE_LOADED_OBJECTS_PROGNAME", envp);
+
 environ = envp;
 _dl_trace_setup(envp); |
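Review bot: The new `_dl_libpath = _dl_split_path(_dl_getenv("LD_LIBRARY_PATH", envp));` in the trusted branch drops the old `if (libpath)` guard, so `_dl_split_path()` is now called with NULL whenever the variable is unset; its definition is outside this hunk, so either confirm that it tolerates NULL or keep the guard. The setugid branch also no longer resets `_dl_debug`, `_dl_preload` and `_dl_bindnow`, which is correct only if nothing assigns them before `_dl_setup_env()` runs; a comment such as `/* _dl_debug, _dl_preload, _dl_bindnow keep their zero initial values */` would record that assumption. The comment `/* these are usable even in setugid processes */` would be stronger if it said why the caller-supplied LD_TRACE_LOADED_OBJECTS_FMT1/FMT2 strings are acceptable in an untrusted process. `_dl_setup_env()` continues past the end of the hunk.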