[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 16 Aug 2022 22:45:45 -0700
From: Elvis Pranskevichus <elvis@...edb.com>
To: musl@...ts.openwall.com
Cc: elvis@...edb.com
Subject: [PATCH] ldso/dynlink: Protect LD_ env vars from getting clobbered by apps
There is no guarantee that the environment block will remain intact.
For example, PostgreSQL clobbers argv/environ area to implement its
"setproctitle" emulation on non-BSD [1], and there is a popular Python
library inspired by it [2]. As a result, setting `LD_LIBRARY_PATH`
or `LD_PRELOAD` has no effect on Postgres subprocesses when linking
against musl.
Protect against this by making a copies instead of storing the
original pointers directly.
(please CC me, I'm not subscribed to the list)
---
ldso/dynlink.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ldso/dynlink.c b/ldso/dynlink.c
index cc677952..703342b8 100644
--- a/ldso/dynlink.c
+++ b/ldso/dynlink.c
@@ -1756,8 +1756,8 @@ void __dls3(size_t *sp, size_t *auxv)
/* Only trust user/env if kernel says we're not suid/sgid */
if (!libc.secure) {
- env_path = getenv("LD_LIBRARY_PATH");
- env_preload = getenv("LD_PRELOAD");
+ env_path = strdup(getenv("LD_LIBRARY_PATH"));
+ env_preload = strdup(getenv("LD_PRELOAD"));
}
/* Activate error handler function */
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
