From patchwork Mon Nov 6 20:25:50 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella X-Patchwork-Id: 741470 Delivered-To: patch@linaro.org Received: by 2002:adf:fd90:0:b0:32d:baff:b0ca with SMTP id d16csp1295283wrr; Mon, 6 Nov 2023 12:29:08 -0800 (PST) X-Google-Smtp-Source: AGHT+IF6r4VruuBw6TpkGL0DFWDazPkTxmVPZvAWiWpXUl2U4j9EkowdHbqg1X4dFhDOgaGbGJoc X-Received: by 2002:a05:6102:7d8:b0:45b:11de:9449 with SMTP id y24-20020a05610207d800b0045b11de9449mr27868933vsg.0.1699302547885; Mon, 06 Nov 2023 12:29:07 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1699302547; cv=pass; d=google.com; s=arc-20160816; b=fhj4yMerbOPusmeJECYXppRfAkQpHXY4cl/LvpfsX9p6jDwnbj8FoCpQtF4q2nOuz0 4eHsaLW0+sXa7utuq4gFvbxzcqsGFtW59PwoR/nef0RvwcFWQpqsOsPlZWmkRfauTzJB 0TAr2cqF+tVYQwWsGX9Q1L04LaqVKNYEYJSqHY1UN3nWfx+B2lvmtMIZ9KfDa+iMF0sl GFBpwIIH7fv9YNUXZwXTg8gyZ4mMYZi+U5vwlm01VK66QGD25DqUOHfXnn2Nmj9br/LY aTwQu9gcrffyENJDJcwChFewbRoKy9j5tTcKzrr8Q9u2B/u1tPc4pbz7K2mwKapmO7gw 5J9w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:to:from :dkim-signature:arc-filter:dmarc-filter:delivered-to; bh=lUVZmPWCaupkr5iho7XjQO9yTRSH4OXj4LD5UbLk+bM=; fh=+FUb54tScwW7D3lvWhZcQBi30wyNNn2DusdH7ahfqKk=; b=R3HuroHP1MDVNqK43spQXKJLTsHn7jYkVmoksuSXmCQBTrBZgiEaYBcGWJduD7iSdE V7ZkFWFAIaQnnPKrffgbBZsPvv42mgXypyp+gHSwnRtcSJl5B66LfO23cKlm4UOVnjkB KfBST0KsRF24nUwQva1t2T9TFQULeYm27hG6Ql+quGpJw6wlrqlz0PVYaBMqY7TYQyB8 y7uxL04RbxdYjY1iVp/m1ASlxU1Tqt+FhSMs66fIaXCJmMl6M+RwUWF1k8d7TJV1eTU2 S+Ay8iK384Qebe7AkQDfhHDk+RC1ovHBPvSbdUZNEFXXopVjC3dMNIKsyRyZYhcVlOhD Cg7Q== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=q7ic+d5S; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces+patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces+patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [8.43.85.97]) by mx.google.com with ESMTPS id d12-20020ac85d8c000000b0041cbf262514si6182470qtx.19.2023.11.06.12.29.07 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Nov 2023 12:29:07 -0800 (PST) Received-SPF: pass (google.com: domain of libc-alpha-bounces+patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) client-ip=8.43.85.97; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=q7ic+d5S; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces+patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces+patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 587013858C20 for ; Mon, 6 Nov 2023 20:29:07 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-yw1-x1131.google.com (mail-yw1-x1131.google.com [IPv6:2607:f8b0:4864:20::1131]) by sourceware.org (Postfix) with ESMTPS id A5934385C6D9 for ; Mon, 6 Nov 2023 20:26:32 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org A5934385C6D9 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org A5934385C6D9 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::1131 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1699302393; cv=none; b=PGjqEi0xoapIUgx2Y41spu/wu3YrwwL4fI6JD4dyBBQLDf0nBWLusObqbmYVKGZ3/V0wwTq1nfmRTLyEry+ivRMiqtYWRPQ55nh8nhFe5y0TyhntGY1cEZXghv3ySQ8p2Ql8mSSbpQ+o+rXg3n/4LnKCmch5dOU/jGLELhOem5Y= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1699302393; c=relaxed/simple; bh=/3iDbWL0avDsXsgFNiaY6lZ2ByTk72AEBZhGw6Ueh6s=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=R0TgRIu1tbDcnl+S/w2uNUBymVtnxfrlcrCYcgZLOmE+bBOUJpClB8DVkyifJnBJdhRiKmkh2+dfSDSrae74ChaCnqjHnptxrMESxn9fxMgFIf3/htIh49vYFpr4p1aexqXxBMWh8tE7sKA5gNYPZMtjPrnVzKOUXRqZCWy5vII= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-yw1-x1131.google.com with SMTP id 00721157ae682-5a8ee23f043so57452397b3.3 for ; Mon, 06 Nov 2023 12:26:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1699302391; x=1699907191; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=lUVZmPWCaupkr5iho7XjQO9yTRSH4OXj4LD5UbLk+bM=; b=q7ic+d5SYWKDFQzMpHAUy5NET/Q8Lob9P9rNZNiA+Hx8ploKy6DApJN6On5Et+tFln VuBU1T2Z2cG8fu03QiaWwVV/r/kOLhwPdix8h5MG8qBfIS810Mo2ptzkbZLm9tjKmte1 TDowUUc5yMiAKKQgeM+F7r1ssrA6V7u2/HHM++fJAddlfKV2Jt1P0QiavobhRVL9wu5M AaGGKQasTW/neg4lODeBPiIFwjcqaCKTEiZgomkbPKLyJFYVD0FOxfni0U4WLlEtNk5J PAzA59KfHaUAl9W/R2xIIu4VVFHVBU4FCLTUMtckvJggpZ510FYT4bUSbsU8XLlxw8VO Uplg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699302391; x=1699907191; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=lUVZmPWCaupkr5iho7XjQO9yTRSH4OXj4LD5UbLk+bM=; b=BqA4HVsGKl4rBXfRZLJZXxBI0WssqNAwL6ohUCjgMPT+t5xIQj8bgFKBvI7jXTAzB8 7pa7DsS/jDGtfWpPuazDp0vUPVAMc7SLnhb4BW4UYfP0tNjwqNLsQOoRkRJ136n7Th3B Hox8/+50mAtKltB369Bx4ajXNVAxHooV+uraRW7ZOm3eLB6vZ6ZZJ8Vq10pFM9PrS6hi 726LyCqVJgiwnNQJivsRxyLvbksTBkky+Ae7QgWUF/0yMS/fPPtFvtXL8+Ewd4ZU4ZMH byZ1bf/OJ7Vee7silcgT4L/vegNJJOtltGRJQ8uGwxibaF2DDjWC8LiF/cfUcj9Hle+V JEkQ== X-Gm-Message-State: AOJu0YxagBo5By/po/3IEvFIozPuRhp28nCCt2sR0wWdbGW9sqACXKiY KX/iXH/PtcB4isWwTl2aARDsqyphDO6Ldcuq53ti2A== X-Received: by 2002:a81:4910:0:b0:5a8:6286:bee with SMTP id w16-20020a814910000000b005a862860beemr12225372ywa.4.1699302391656; Mon, 06 Nov 2023 12:26:31 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c0:a715:c1a0:7281:6384:2ee9]) by smtp.gmail.com with ESMTPSA id ci7-20020a05690c0a8700b005a7b8fddfedsm4707154ywb.41.2023.11.06.12.26.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Nov 2023 12:26:31 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org, Siddhesh Poyarekar Subject: [PATCH v3 17/19] elf: Add comments on how LD_AUDIT and LD_PRELOAD handle __libc_enable_secure Date: Mon, 6 Nov 2023 17:25:50 -0300 Message-Id: <20231106202552.3404059-18-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231106202552.3404059-1-adhemerval.zanella@linaro.org> References: <20231106202552.3404059-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-13.7 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+patch=linaro.org@sourceware.org To make explicit why __libc_enable_secure is not checked. Reviewed-by: Siddhesh Poyarekar --- elf/rtld.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/elf/rtld.c b/elf/rtld.c index 638b019670..d1017ba9e9 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -2563,6 +2563,10 @@ process_envvars (struct dl_main_state *state) process_dl_debug (state, &envline[6]); break; } + /* For __libc_enable_secure mode, audit pathnames containing slashes + are ignored. Also, shared audit objects are only loaded only from + the standard search directories and only if they have set-user-ID + mode bit enabled. */ if (memcmp (envline, "AUDIT", 5) == 0) audit_list_add_string (&state->audit_list, &envline[6]); break; @@ -2576,7 +2580,10 @@ process_envvars (struct dl_main_state *state) break; } - /* List of objects to be preloaded. */ + /* For __libc_enable_secure mode, preload pathnames containing slashes + are ignored. Also, shared objects are only preloaded from the + standard search directories and only if they have set-user-ID mode + bit enabled. */ if (memcmp (envline, "PRELOAD", 7) == 0) { state->preloadlist = &envline[8];