From 74955460c5b9f23d7783395ce2478f5b7c5fd876 Mon Sep 17 00:00:00 2001 From: Ulrich Drepper Date: Tue, 26 Sep 2000 09:46:55 +0000 Subject: [PATCH] Update. 2000-09-26 Thorsten Kukuk * nscd/dbg_log.c (dbg_log): Add missing format string. * catgets/catgets.c (catopen): Use getenv instead of __secure_getenv since we filter out the variable once. * iconv/gconv_conf.c (__gconv_get_path): Likewise. * locale/newlocale.c (__newlocale): Likewise. * locale/setlocale.c (setlocale): Likewise. * malloc/malloc.c (ptmalloc_init): Likewise. * resolv/res_hconf.c (_res_hconf_init): Likewise. * resolv/res_init.c (__res_vinit): Likewise. * time/tzfile.c (__tzfile_read): Likewise. * sysdeps/generic/unsecvars.h: New file. * elf/dl-support.c (non_dynamic_init): Use it here to remove variables. * elf/rtld.c (process_envvars): Likewise. * elf/Makefile (distribute): Add unsecvars.h. --- ChangeLog | 18 ++++++++++++++++++ catgets/catgets.c | 2 +- elf/Makefile | 2 +- elf/dl-support.c | 22 ++++++++++++++++++++++ elf/rtld.c | 5 +++++ iconv/gconv_conf.c | 2 +- locale/newlocale.c | 2 +- locale/setlocale.c | 2 +- malloc/malloc.c | 2 +- nscd/dbg_log.c | 4 ++-- resolv/res_hconf.c | 2 +- resolv/res_init.c | 4 ++-- sysdeps/generic/unsecvars.h | 11 +++++++++++ time/tzfile.c | 4 ++-- 14 files changed, 69 insertions(+), 13 deletions(-) create mode 100644 sysdeps/generic/unsecvars.h diff --git a/ChangeLog b/ChangeLog index 4c14c1d5a9..0541977d0a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,23 @@ +2000-09-26 Thorsten Kukuk + + * nscd/dbg_log.c (dbg_log): Add missing format string. + 2000-09-26 Ulrich Drepper + * catgets/catgets.c (catopen): Use getenv instead of __secure_getenv + since we filter out the variable once. + * iconv/gconv_conf.c (__gconv_get_path): Likewise. + * locale/newlocale.c (__newlocale): Likewise. + * locale/setlocale.c (setlocale): Likewise. + * malloc/malloc.c (ptmalloc_init): Likewise. + * resolv/res_hconf.c (_res_hconf_init): Likewise. + * resolv/res_init.c (__res_vinit): Likewise. + * time/tzfile.c (__tzfile_read): Likewise. + * sysdeps/generic/unsecvars.h: New file. + * elf/dl-support.c (non_dynamic_init): Use it here to remove variables. + * elf/rtld.c (process_envvars): Likewise. + * elf/Makefile (distribute): Add unsecvars.h. + * misc/daemon.c (daemon): Fail if !noclose and we cannot open the real /dev/null device. diff --git a/catgets/catgets.c b/catgets/catgets.c index cad515d81a..5014f86b01 100644 --- a/catgets/catgets.c +++ b/catgets/catgets.c @@ -56,7 +56,7 @@ catopen (const char *cat_name, int flag) env_var_len = strlen (env_var) + 1; - nlspath = __secure_getenv ("NLSPATH"); + nlspath = getenv ("NLSPATH"); if (nlspath != NULL && *nlspath != '\0') { /* Append the system dependent directory. */ diff --git a/elf/Makefile b/elf/Makefile index 0fc81e021f..84815b30ea 100644 --- a/elf/Makefile +++ b/elf/Makefile @@ -46,7 +46,7 @@ distribute := $(rtld-routines:=.c) dynamic-link.h do-rel.h dl-machine.h \ testobj1.c testobj2.c testobj3.c testobj4.c testobj5.c \ testobj6.c testobj1_1.c failobj.c unloadmod.c \ ldconfig.h ldconfig.c cache.c readlib.c readelflib.c \ - dep1.c dep2.c dep3.c dep4.c dl-dtprocnum.h \ + dep1.c dep2.c dep3.c dep4.c dl-dtprocnum.h unsecvars.h \ vismain.c vismod1.c vismod2.c vismod3.c \ constload2.c constload3.c filtmod1.c filtmod2.c \ nodlopenmod.c nodelete.c nodelmod1.c nodelmod2.c \ diff --git a/elf/dl-support.c b/elf/dl-support.c index 50b37e8166..75d7b1926a 100644 --- a/elf/dl-support.c +++ b/elf/dl-support.c @@ -27,6 +27,8 @@ #include #include #include +#include +#include extern char *__progname; char **_dl_argv = &__progname; /* This is checked for some error messages. */ @@ -125,6 +127,26 @@ non_dynamic_init (void) _dl_dynamic_weak = *(getenv ("LD_DYNAMIC_WEAK") ?: "") == '\0'; + if (__libc_enable_secure) + { + static const char *unsecure_envvars[] = + { + UNSECURE_ENVVARS, +#ifdef EXTRA_UNSECURE_ENVVARS + EXTRA_UNSECURE_ENVVARS +#endif + }; + size_t cnt; + + for (cnt = 0; + cnt < sizeof (unsecure_envvars) / sizeof (unsecure_envvars[0]); + ++cnt) + unsetenv (unsecure_envvars[cnt]); + + if (__access ("/etc/suid-debug", F_OK) != 0) + unsetenv ("MALLOC_CHECK_"); + } + #ifdef DL_PLATFORM_INIT DL_PLATFORM_INIT; #endif diff --git a/elf/rtld.c b/elf/rtld.c index 18ff312baa..d17d83961d 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -30,6 +30,7 @@ #include #include "dynamic-link.h" #include "dl-librecon.h" +#include #include @@ -1465,6 +1466,7 @@ process_envvars (enum mode *modep, int *lazyp) { static const char *unsecure_envvars[] = { + UNSECURE_ENVVARS, #ifdef EXTRA_UNSECURE_ENVVARS EXTRA_UNSECURE_ENVVARS #endif @@ -1486,6 +1488,9 @@ process_envvars (enum mode *modep, int *lazyp) cnt < sizeof (unsecure_envvars) / sizeof (unsecure_envvars[0]); ++cnt) unsetenv (unsecure_envvars[cnt]); + + if (__access ("/etc/suid-debug", F_OK) != 0) + unsetenv ("MALLOC_CHECK_"); } /* The name of the object to profile cannot be empty. */ diff --git a/iconv/gconv_conf.c b/iconv/gconv_conf.c index 4746f43bbb..57c832d6a9 100644 --- a/iconv/gconv_conf.c +++ b/iconv/gconv_conf.c @@ -420,7 +420,7 @@ __gconv_get_path (void) char *cwd; size_t cwdlen; - user_path = __secure_getenv ("GCONV_PATH"); + user_path = getenv ("GCONV_PATH"); if (user_path == NULL) { /* No user-defined path. Make a modifiable copy of the diff --git a/locale/newlocale.c b/locale/newlocale.c index 5c0d7ba46a..cd40943ccc 100644 --- a/locale/newlocale.c +++ b/locale/newlocale.c @@ -91,7 +91,7 @@ __newlocale (int category_mask, const char *locale, __locale_t base) locale_path = NULL; locale_path_len = 0; - locpath_var = __secure_getenv ("LOCPATH"); + locpath_var = getenv ("LOCPATH"); if (locpath_var != NULL && locpath_var[0] != '\0') if (__argz_create_sep (locpath_var, ':', &locale_path, &locale_path_len) != 0) diff --git a/locale/setlocale.c b/locale/setlocale.c index 03456fba71..c3e5066c35 100644 --- a/locale/setlocale.c +++ b/locale/setlocale.c @@ -239,7 +239,7 @@ setlocale (int category, const char *locale) locale_path = NULL; locale_path_len = 0; - locpath_var = __secure_getenv ("LOCPATH"); + locpath_var = getenv ("LOCPATH"); if (locpath_var != NULL && locpath_var[0] != '\0') if (__argz_create_sep (locpath_var, ':', &locale_path, &locale_path_len) != 0) diff --git a/malloc/malloc.c b/malloc/malloc.c index 46a4db221d..9a8a087560 100644 --- a/malloc/malloc.c +++ b/malloc/malloc.c @@ -1722,7 +1722,7 @@ ptmalloc_init __MALLOC_P((void)) mALLOPt(M_MMAP_MAX, atoi(s)); } s = getenv("MALLOC_CHECK_"); - if(s && (! secure || access ("/etc/suid-debug", F_OK) == 0)) { + if(s) { if(s[0]) mALLOPt(M_CHECK_ACTION, (int)(s[0] - '0')); __malloc_check_init(); } diff --git a/nscd/dbg_log.c b/nscd/dbg_log.c index 21997cdcf4..69252592a8 100644 --- a/nscd/dbg_log.c +++ b/nscd/dbg_log.c @@ -1,4 +1,4 @@ -/* Copyright (c) 1998 Free Software Foundation, Inc. +/* Copyright (c) 1998, 2000 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Thorsten Kukuk , 1998. @@ -61,7 +61,7 @@ dbg_log (const char *fmt,...) else { snprintf (msg, sizeof (msg), "%d: %s", getpid (), msg2); - syslog (LOG_NOTICE, msg); + syslog (LOG_NOTICE, "%s", msg); } va_end (ap); } diff --git a/resolv/res_hconf.c b/resolv/res_hconf.c index 243cfbe0ec..cb5fe38a51 100644 --- a/resolv/res_hconf.c +++ b/resolv/res_hconf.c @@ -327,7 +327,7 @@ _res_hconf_init (void) memset (&_res_hconf, '\0', sizeof (_res_hconf)); - hconf_name = __secure_getenv (ENV_HOSTCONF); + hconf_name = getenv (ENV_HOSTCONF); if (hconf_name == NULL) hconf_name = _PATH_HOSTCONF; diff --git a/resolv/res_init.c b/resolv/res_init.c index e0ea6edc3a..fa60b77c81 100644 --- a/resolv/res_init.c +++ b/resolv/res_init.c @@ -185,7 +185,7 @@ __res_vinit(res_state statp, int preinit) { #endif /* Allow user to override the local domain definition */ - if ((cp = __secure_getenv("LOCALDOMAIN")) != NULL) { + if ((cp = getenv("LOCALDOMAIN")) != NULL) { (void)strncpy(statp->defdname, cp, sizeof(statp->defdname) - 1); statp->defdname[sizeof(statp->defdname) - 1] = '\0'; haveenv++; @@ -423,7 +423,7 @@ __res_vinit(res_state statp, int preinit) { #endif /* !RFC1535 */ } - if ((cp = __secure_getenv("RES_OPTIONS")) != NULL) + if ((cp = getenv("RES_OPTIONS")) != NULL) res_setoptions(statp, cp, "env"); statp->options |= RES_INIT; return (0); diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h new file mode 100644 index 0000000000..57b3368b6c --- /dev/null +++ b/sysdeps/generic/unsecvars.h @@ -0,0 +1,11 @@ +/* Environment variable to be removed for SUID programs. */ +#define UNSECURE_ENVVARS \ + "GCONV_PATH", \ + "LOCALDOMAIN", \ + "LOCPATH", \ + "MALLOC_TRACE", \ + "NLSPATH", \ + "RESOLV_HOST_CONF" \ + "RES_OPTIONS", \ + "TMPDIR", \ + "TZDIR" diff --git a/time/tzfile.c b/time/tzfile.c index a2974033d4..c55ad5c509 100644 --- a/time/tzfile.c +++ b/time/tzfile.c @@ -1,4 +1,4 @@ -/* Copyright (C) 1991,92,93,95,96,97,98,99 Free Software Foundation, Inc. +/* Copyright (C) 1991,92,93,95,96,97,98,99,2000 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -130,7 +130,7 @@ __tzfile_read (const char *file, size_t extra, char **extrap) unsigned int len, tzdir_len; char *new, *tmp; - tzdir = __secure_getenv ("TZDIR"); + tzdir = getenv ("TZDIR"); if (tzdir == NULL || *tzdir == '\0') { tzdir = default_tzdir;