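--- a/glibc/elf/rtld.c
+++ b/glibc/elf/rtld.c
@@ -2641,6 +2641,24 @@ process_envvars (enum mode *modep)
 GLRO(dl_debug_mask) = 0;
 }
 
+ if (__builtin_expect(GLRO(dl_lazy), 1)) {
+ /* disable lazy bindings for SUID binaries.
+ * All this funky code is so people can disable this behavior for
+ * certain [broken] binaries (like Xorg). Once Xorg gets fixed,
+ * we can reduce all of this to one file (like above with suid-debug).
+ */
+#define _SUID_BIND_PATH "/etc/suid-bind-now/"
+ char _bind_now_check[100] = _SUID_BIND_PATH;
+ if (rtld_progname) {
+ size_t proglen = strlen(rtld_progname);
+ if (proglen + sizeof(_SUID_BIND_PATH) < sizeof(_bind_now_check))
+ /* include the null byte in the copy */
+ memcpy(_bind_now_check + sizeof(_SUID_BIND_PATH), rtld_progname, proglen+1);
+ }
+ if (!rtld_progname || __access(_bind_now_check, F_OK) != 0)
+ GLRO(dl_lazy) = 0;
+ }
+
 if (mode != normal)
 _exit (5);
 }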
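Review bot: The `memcpy` destination `_bind_now_check + sizeof(_SUID_BIND_PATH)` is one byte too far, because `sizeof` counts the literal's terminating NUL, so the program name is written after that NUL and the string handed to `__access` stays `/etc/suid-bind-now/`. Once that directory exists the check succeeds for every program rather than only the listed ones, and lazy binding is never turned off; the copy should be `memcpy(_bind_now_check + sizeof(_SUID_BIND_PATH) - 1, rtld_progname, proglen+1);`. The same fail-open result occurs when the name does not fit the 100-byte buffer, since the copy is skipped and the bare directory is tested, so the length check wants an `else GLRO(dl_lazy) = 0;`. `rtld_progname` presumably comes from argv[0], which the invoking user supplies and which may contain `/`, so the exemption is keyed on a value the caller controls; a key the caller cannot set would be sounder. The enclosing block of process_envvars starts outside the hunk, so the setuid condition the comment refers to is not visible here.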