X-Git-Url: https://git.wh0rd.org/?p=patches.git;a=blobdiff_plain;f=setuid-bind-now.patch;fp=setuid-bind-now.patch;h=4a28bcba97f576f9423ed417b0d9f1a3c6ca5dcd;hp=0000000000000000000000000000000000000000;hb=b53d1f41b32c8078c755a63c7bf0d2852263ee99;hpb=6d7b707a99652eefa9b245d8f1e0053f3583c79c

diff --git a/setuid-bind-now.patch b/setuid-bind-now.patch
new file mode 100644
index 0000000..4a28bcb
--- /dev/null
+++ b/setuid-bind-now.patch
@@ -0,0 +1,27 @@
+--- glibc/elf/rtld.c
++++ glibc/elf/rtld.c
+@@ -2641,6 +2641,24 @@ process_envvars (enum mode *modep)
+ 	  GLRO(dl_debug_mask) = 0;
+         }
+ 
++	if (__builtin_expect(GLRO(dl_lazy), 1)) {
++		/* disable lazy bindings for SUID binaries.
++		 * All this funky code is so people can disable this behavior for
++		 * certain [broken] binaries (like Xorg).  Once Xorg gets fixed, 
++		 * we can reduce all of this to one file (like above with suid-debug).
++		 */
++#define _SUID_BIND_PATH "/etc/suid-bind-now/"
++		char _bind_now_check[100] = _SUID_BIND_PATH;
++		if (rtld_progname) {
++			size_t proglen = strlen(rtld_progname);
++			if (proglen + sizeof(_SUID_BIND_PATH) < sizeof(_bind_now_check))
++				/* include the null byte in the copy */
++				memcpy(_bind_now_check + sizeof(_SUID_BIND_PATH), rtld_progname, proglen+1);
++		}
++		if (!rtld_progname || __access(_bind_now_check, F_OK) != 0)
++			GLRO(dl_lazy) = 0;
++	}
++
+       if (mode != normal)
+ 	_exit (5);
+     }