Diffstat (limited to 'sys-libs/glibc/files/glibc-sec-hotfix-20040916.patch')
-rw-r--r-- | sys-libs/glibc/files/glibc-sec-hotfix-20040916.patch | 95 |
1 files changed, 0 insertions, 95 deletions
diff --git a/sys-libs/glibc/files/glibc-sec-hotfix-20040916.patch b/sys-libs/glibc/files/glibc-sec-hotfix-20040916.patch
deleted file mode 100644
index 3858a0f9c9d1..000000000000
--- a/sys-libs/glibc/files/glibc-sec-hotfix-20040916.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-diff -Nru glibc-2.3.3.old/elf/rtld.c glibc-2.3.3/elf/rtld.c
---- glibc-2.3.3.old/elf/rtld.c 2004-09-16 15:02:16.000000000 -0400
-+++ glibc-2.3.3/elf/rtld.c 2004-09-16 15:04:58.000000000 -0400
-@@ -2041,6 +2041,30 @@
- GLRO(dl_profile_output)
- = &"/var/tmp\0/var/profile"[INTUSE(__libc_enable_secure) ? 9 : 0];
-
-+ /* Extra security for SUID binaries. Remove all dangerous environment
-+ variables. */
-+ if (__builtin_expect (INTUSE(__libc_enable_secure), 0))
-+ {
-+ static const char unsecure_envvars[] =
-+#ifdef EXTRA_UNSECURE_ENVVARS
-+ EXTRA_UNSECURE_ENVVARS
-+#endif
-+ UNSECURE_ENVVARS;
-+ const char *nextp;
-+
-+ nextp = unsecure_envvars;
-+ do
-+ {
-+ unsetenv (nextp);
-+ /* We could use rawmemchr but this need not be fast. */
-+ nextp = (char *) (strchr) (nextp, '\0') + 1;
-+ }
-+ while (*nextp != '\0');
-+
-+ if (__access ("/etc/suid-debug", F_OK) != 0)
-+ unsetenv ("MALLOC_CHECK_");
-+ }
-+
- while ((envline = _dl_next_ld_env_entry (&runp)) != NULL)
- {
- size_t len = 0;
-@@ -2188,33 +2212,10 @@
- /* The caller wants this information. */
- *modep = mode;
-
-- /* Extra security for SUID binaries. Remove all dangerous environment
-- variables. */
-- if (__builtin_expect (INTUSE(__libc_enable_secure), 0))
-- {
-- static const char unsecure_envvars[] =
--#ifdef EXTRA_UNSECURE_ENVVARS
-- EXTRA_UNSECURE_ENVVARS
--#endif
-- UNSECURE_ENVVARS;
-- const char *nextp;
--
-- nextp = unsecure_envvars;
-- do
-- {
-- unsetenv (nextp);
-- /* We could use rawmemchr but this need not be fast. */
-- nextp = (char *) (strchr) (nextp, '\0') + 1;
-- }
-- while (*nextp != '\0');
--
-- if (__access ("/etc/suid-debug", F_OK) != 0)
-- unsetenv ("MALLOC_CHECK_");
-- }
- /* If we have to run the dynamic linker in debugging mode and the
- LD_DEBUG_OUTPUT environment variable is given, we write the debug
- messages to this file. */
-- else if (any_debug && debug_output != NULL)
-+ if (any_debug && debug_output != NULL)
- {
- #ifdef O_NOFOLLOW
- const int flags = O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW;
-diff -Nru glibc-2.3.3.old/malloc/malloc.c glibc-2.3.3/malloc/malloc.c
---- glibc-2.3.3.old/malloc/malloc.c 2004-09-16 15:03:22.000000000 -0400
-+++ glibc-2.3.3/malloc/malloc.c 2004-09-16 15:04:58.000000000 -0400
-@@ -321,6 +321,10 @@
- #define assert(x) ((void)0)
- #endif
-
-+#include <abort-instr.h>
-+#ifndef ABORT_INSTRUCTION
-+#define ABORT_INSTRUCTION
-+#endif
-
- /*
- INTERNAL_SIZE_T is the word-size used for internal bookkeeping
-diff -Nru glibc-2.3.3.old/sysdeps/generic/unsecvars.h glibc-2.3.3/sysdeps/generic/unsecvars.h
---- glibc-2.3.3.old/sysdeps/generic/unsecvars.h 2004-09-16 15:03:11.000000000 -0400
-+++ glibc-2.3.3/sysdeps/generic/unsecvars.h 2004-09-16 15:04:58.000000000 -0400
-@@ -3,6 +3,8 @@
- with a '\0' explicitly. */
- #define UNSECURE_ENVVARS \
- "LD_PRELOAD\0" \
-+ "LD_DEBUG\0" \
-+ "LD_TRACE_PRELINKING\0" \
- "LD_LIBRARY_PATH\0" \
- "LD_ORIGIN_PATH\0" \
- "LD_DEBUG_OUTPUT\0" \ |