[patches.git] / setuid-bind-now.patch

--- glibc/elf/rtld.c
+++ glibc/elf/rtld.c
@@ -2641,6 +2641,24 @@ process_envvars (enum mode *modep)
 	  GLRO(dl_debug_mask) = 0;
         }
 
+	if (__builtin_expect(GLRO(dl_lazy), 1)) {
+		/* disable lazy bindings for SUID binaries.
+		 * All this funky code is so people can disable this behavior for
+		 * certain [broken] binaries (like Xorg).  Once Xorg gets fixed, 
+		 * we can reduce all of this to one file (like above with suid-debug).
+		 */
+#define _SUID_BIND_PATH "/etc/suid-bind-now/"
+		char _bind_now_check[100] = _SUID_BIND_PATH;
+		if (rtld_progname) {
+			size_t proglen = strlen(rtld_progname);
+			if (proglen + sizeof(_SUID_BIND_PATH) < sizeof(_bind_now_check))
+				/* include the null byte in the copy */
+				memcpy(_bind_now_check + sizeof(_SUID_BIND_PATH), rtld_progname, proglen+1);
+		}
+		if (!rtld_progname || __access(_bind_now_check, F_OK) != 0)
+			GLRO(dl_lazy) = 0;
+	}
+
       if (mode != normal)
 	_exit (5);
     }
Commit	Line	Data
b53d1f41 MF	1	--- glibc/elf/rtld.c
	2	+++ glibc/elf/rtld.c
	3	@@ -2641,6 +2641,24 @@ process_envvars (enum mode *modep)
	4	GLRO(dl_debug_mask) = 0;
	5	}
	6
	7	+ if (__builtin_expect(GLRO(dl_lazy), 1)) {
	8	+ /* disable lazy bindings for SUID binaries.
	9	+ * All this funky code is so people can disable this behavior for
	10	+ * certain [broken] binaries (like Xorg). Once Xorg gets fixed,
	11	+ * we can reduce all of this to one file (like above with suid-debug).
	12	+ */
	13	+#define _SUID_BIND_PATH "/etc/suid-bind-now/"
	14	+ char _bind_now_check[100] = _SUID_BIND_PATH;
	15	+ if (rtld_progname) {
	16	+ size_t proglen = strlen(rtld_progname);
	17	+ if (proglen + sizeof(_SUID_BIND_PATH) < sizeof(_bind_now_check))
	18	+ /* include the null byte in the copy */
	19	+ memcpy(_bind_now_check + sizeof(_SUID_BIND_PATH), rtld_progname, proglen+1);
	20	+ }
	21	+ if (!rtld_progname \|\| __access(_bind_now_check, F_OK) != 0)
	22	+ GLRO(dl_lazy) = 0;
	23	+ }
	24	+
	25	if (mode != normal)
	26	_exit (5);
	27	}