more random patches. who knows.
diff --git a/setuid-bind-now.patch b/setuid-bind-now.patch
new file mode 100644 (file)
index 0000000..4a28bcb
--- /dev/null
@@ -0,0 +1,27 @@
+--- glibc/elf/rtld.c
++++ glibc/elf/rtld.c
+@@ -2641,6 +2641,24 @@ process_envvars (enum mode *modep)
+         GLRO(dl_debug_mask) = 0;
+         }
++      if (__builtin_expect(GLRO(dl_lazy), 1)) {
++              /* disable lazy bindings for SUID binaries.
++               * All this funky code is so people can disable this behavior for
++               * certain [broken] binaries (like Xorg).  Once Xorg gets fixed, 
++               * we can reduce all of this to one file (like above with suid-debug).
++               */
++#define _SUID_BIND_PATH "/etc/suid-bind-now/"
++              char _bind_now_check[100] = _SUID_BIND_PATH;
++              if (rtld_progname) {
++                      size_t proglen = strlen(rtld_progname);
++                      if (proglen + sizeof(_SUID_BIND_PATH) < sizeof(_bind_now_check))
++                              /* include the null byte in the copy */
++                              memcpy(_bind_now_check + sizeof(_SUID_BIND_PATH), rtld_progname, proglen+1);
++              }
++              if (!rtld_progname || __access(_bind_now_check, F_OK) != 0)
++                      GLRO(dl_lazy) = 0;
++      }
++
+       if (mode != normal)
+       _exit (5);
+     }
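Review bot: The `memcpy` destination `_bind_now_check + sizeof(_SUID_BIND_PATH)` lands one byte past the prefix's NUL terminator, so the program name is never part of the string and `__access` tests the directory `/etc/suid-bind-now/` itself; once that directory exists, lazy binding stays enabled for every binary that reaches this code rather than only the listed ones. The check also fails open when the name is empty or too long for the 100-byte buffer, because the copy is skipped while the access test still runs on the bare prefix. The rewrite below appends at `sizeof(_SUID_BIND_PATH) - 1` and clears `dl_lazy` unless the copy happened and the marker file exists. If `rtld_progname` is taken from `argv[0]` (it appears so in glibc, but that is not visible here), the invoking user chooses the name, including `/` and `..` components, so the exemption should be keyed on something the caller cannot set. process_envvars begins and ends outside the hunk.

```c
/* … unchanged: explanatory comment and _SUID_BIND_PATH define … */
char _bind_now_check[100] = _SUID_BIND_PATH;
int _bind_now_exempt = 0;
if (rtld_progname) {
        size_t proglen = strlen(rtld_progname);
        if (proglen != 0
            && proglen + sizeof(_SUID_BIND_PATH) < sizeof(_bind_now_check)) {
                /* append right after the trailing '/', overwriting the prefix's NUL */
                memcpy(_bind_now_check + sizeof(_SUID_BIND_PATH) - 1,
                       rtld_progname, proglen + 1);
                _bind_now_exempt = __access(_bind_now_check, F_OK) == 0;
        }
}
/* fail closed: no name, empty or oversized name, or no marker file => bind now */
if (!_bind_now_exempt)
        GLRO(dl_lazy) = 0;
```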