glibc/glibc-ignore_origin.patch

   1 # http://sourceware.org/ml/libc-hacker/2010-12/msg00001.html
   2 # new fix for http://seclists.org/fulldisclosure/2010/Oct/257
   3
   4 2010-12-09  Andreas Schwab  <schwab@redhat.com>
   5
   6         * elf/dl-object.c (_dl_new_object): Ignore origin of privileged
   7         program.
   8 ---
   9  elf/dl-object.c |    3 +++
  10  1 files changed, 3 insertions(+), 0 deletions(-)
  11
  12 diff --git a/elf/dl-object.c b/elf/dl-object.c
  13 index 5d15ce1..a34e902 100644
  14 --- a/elf/dl-object.c
  15 +++ b/elf/dl-object.c
  16 @@ -220,6 +220,9 @@ _dl_new_object (char *realname, const char *libname, int type,
  17      out:
  18        new->l_origin = origin;
  19      }
  20 +  else if (INTUSE(__libc_enable_secure) && type == lt_executable)
  21 +    /* The origin of a privileged program cannot be trusted.  */
  22 +    new->l_origin = (char *) -1;
  23
  24    return new;
  25  }
  26