[ports/core-arm.git] / glibc / glibc-ignore_origin.patch

# http://sourceware.org/ml/libc-hacker/2010-12/msg00001.html
# new fix for http://seclists.org/fulldisclosure/2010/Oct/257

2010-12-09  Andreas Schwab  <schwab@redhat.com>

	* elf/dl-object.c (_dl_new_object): Ignore origin of privileged
	program.
---
 elf/dl-object.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/elf/dl-object.c b/elf/dl-object.c
index 5d15ce1..a34e902 100644
--- a/elf/dl-object.c
+++ b/elf/dl-object.c
@@ -220,6 +220,9 @@ _dl_new_object (char *realname, const char *libname, int type,
     out:
       new->l_origin = origin;
     }
+  else if (INTUSE(__libc_enable_secure) && type == lt_executable)
+    /* The origin of a privileged program cannot be trusted.  */
+    new->l_origin = (char *) -1;
 
   return new;
 }
Commit	Line	Data
34fed911 VM	1	# http://sourceware.org/ml/libc-hacker/2010-12/msg00001.html
	2	# new fix for http://seclists.org/fulldisclosure/2010/Oct/257
	3
	4	2010-12-09 Andreas Schwab <schwab@redhat.com>
	5
	6	* elf/dl-object.c (_dl_new_object): Ignore origin of privileged
	7	program.
	8	---
	9	elf/dl-object.c \| 3 +++
	10	1 files changed, 3 insertions(+), 0 deletions(-)
	11
	12	diff --git a/elf/dl-object.c b/elf/dl-object.c
	13	index 5d15ce1..a34e902 100644
	14	--- a/elf/dl-object.c
	15	+++ b/elf/dl-object.c
	16	@@ -220,6 +220,9 @@ _dl_new_object (char realname, const char libname, int type,
	17	out:
	18	new->l_origin = origin;
	19	}
	20	+ else if (INTUSE(__libc_enable_secure) && type == lt_executable)
	21	+ /* The origin of a privileged program cannot be trusted. */
	22	+ new->l_origin = (char *) -1;
	23
	24	return new;
	25	}
	26