mirror of
https://github.com/RGBCube/serenity
synced 2025-07-25 03:17:35 +00:00
Loader.so+LibELF: Do not read environment variables if AT_SECURE is set
AT_SECURE is set in the auxiliary vector when we execute setuid/setgid programs. In those cases, we do not want to read environment variables that influence the logic of the dynamic loader, as they can be controlled by the user.
This commit is contained in:
parent
20974b0772
commit
a4b74cba0b
3 changed files with 22 additions and 8 deletions
|
@ -135,6 +135,7 @@ void _start(int argc, char** argv, char** envp)
|
|||
|
||||
int main_program_fd = -1;
|
||||
String main_program_name;
|
||||
bool is_secure = false;
|
||||
for (; auxvp->a_type != AT_NULL; ++auxvp) {
|
||||
if (auxvp->a_type == ELF::AuxiliaryValue::ExecFileDescriptor) {
|
||||
main_program_fd = auxvp->a_un.a_val;
|
||||
|
@ -142,6 +143,9 @@ void _start(int argc, char** argv, char** envp)
|
|||
if (auxvp->a_type == ELF::AuxiliaryValue::ExecFilename) {
|
||||
main_program_name = (const char*)auxvp->a_un.a_ptr;
|
||||
}
|
||||
if (auxvp->a_type == ELF::AuxiliaryValue::Secure) {
|
||||
is_secure = auxvp->a_un.a_val == 1;
|
||||
}
|
||||
}
|
||||
|
||||
if (main_program_name == "/usr/lib/Loader.so") {
|
||||
|
@ -156,7 +160,7 @@ void _start(int argc, char** argv, char** envp)
|
|||
ASSERT(main_program_fd >= 0);
|
||||
ASSERT(!main_program_name.is_empty());
|
||||
|
||||
ELF::DynamicLinker::linker_main(move(main_program_name), main_program_fd, argc, argv, envp);
|
||||
ELF::DynamicLinker::linker_main(move(main_program_name), main_program_fd, is_secure, argc, argv, envp);
|
||||
ASSERT_NOT_REACHED();
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue