Hi!
2 changes in 1:
1) make sure no one can trick getconf, when it is invoked through, say, a suid program
that executes other programs, into invoking something that it shouldn't
2) avoid using getconf binary, so that even with cross installs
the right files are installed
2004-11-26 Jakub Jelinek <jakub@redhat.com>
* sysdeps/generic/unsecvars.h (UNSECURE_ENVVARS): Add GETCONF_DIR.
* posix/Makefile (generated: Add getconf.speclist.
($(inst_libexecdir)/getconf): Use getconf.speclist instead of
getconf output.
($(objpfx)getconf.speclist): New rule.
* posix/getconf.speclist.h: New file.
--- libc/sysdeps/generic/unsecvars.h.jj 2003-11-25 10:13:33.000000000 +0100
+++ libc/sysdeps/generic/unsecvars.h 2004-11-26 10:13:58.184202161 +0100
@@ -9,6 +9,7 @@
"LD_PROFILE\0" \
"LD_USE_LOAD_BIAS\0" \
"GCONV_PATH\0" \
+ "GETCONF_DIR\0" \
"HOSTALIASES\0" \
"LOCALDOMAIN\0" \
"LOCPATH\0" \
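Review bot: Nothing next to the new `"GETCONF_DIR\0"` entry records why the variable is treated as unsafe, so a later cleanup could drop it without noticing the privilege boundary it protects. The macro definition starts outside this hunk; a comment above it would help, for example `/* GETCONF_DIR: names the directory getconf runs its per-specification helpers from. */`. Judging by the patch description, this entry only protects processes whose environment is scrubbed because they run set-user-ID. A privileged caller that is not set-user-ID and passes its environment through would presumably still honour the variable, which is worth stating in the same comment.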
--- libc/posix/getconf.speclist.h.jj 2004-11-26 09:47:51.646745768 +0100
+++ libc/posix/getconf.speclist.h 2004-11-26 09:47:13.445558501 +0100
@@ -0,0 +1,15 @@
+#include <unistd.h>
+const char *START_OF_STRINGS =
+#if _POSIX_V6_ILP32_OFF32 == 1
+"_POSIX_V6_ILP32_OFF32"
+#endif
+#if _POSIX_V6_ILP32_OFFBIG == 1
+"_POSIX_V6_ILP32_OFFBIG"
+#endif
+#if _POSIX_V6_LP64_OFF64 == 1
+"_POSIX_V6_LP64_OFF64"
+#endif
+#if _POSIX_V6_LPBIG_OFFBIG == 1
+"_POSIX_V6_LPBIG_OFFBIG"
+#endif
+"";
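Review bot: The new file has no header comment, although it is input for `$(CC) -E` only and is never compiled. `START_OF_STRINGS` is just the marker the sed expression in posix/Makefile keys on, and each name has to stay on a line of its own for that extraction to work. I would add something like `/* Preprocessed only (see posix/Makefile); lists the _POSIX_V6_* environments to install. Keep one string per line after START_OF_STRINGS. */` at the top. It may also be worth noting there that a macro left undefined evaluates to 0 in `#if`, so that environment is silently omitted from the list.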
--- libc/posix/Makefile.jj 2004-11-26 00:30:42.000000000 +0100
+++ libc/posix/Makefile 2004-11-26 10:05:04.654443059 +0100
@@ -102,7 +102,8 @@ generated := $(addprefix wordexp-test-re
bug-regex21-mem bug-regex21.mtrace \
tst-rxspencer-mem tst-rxspencer.mtrace tst-getconf.out \
tst-pcre-mem tst-pcre.mtrace tst-boost-mem tst-boost.mtrace \
- bug-ga2.mtrace bug-ga2-mem bug-glob2.mtrace bug-glob2-mem
+ bug-ga2.mtrace bug-ga2-mem bug-glob2.mtrace bug-glob2-mem \
+ getconf.speclist
include ../Rules
@@ -263,12 +264,16 @@ bug-glob2-ENV = MALLOC_TRACE=$(objpfx)bu
$(objpfx)bug-glob2-mem: $(objpfx)bug-glob2.out
$(common-objpfx)malloc/mtrace $(objpfx)bug-glob2.mtrace > $@
-$(inst_libexecdir)/getconf: $(objpfx)getconf FORCE
+$(inst_libexecdir)/getconf: $(objpfx)getconf $(objpfx)getconf.speclist FORCE
$(addprefix $(..)./scripts/mkinstalldirs ,\
$(filter-out $(wildcard $@),$@))
- for spec in `LC_ALL=C GETCONF_DIR=/dev/null \
- $(run-program-prefix) $< \
- _POSIX_V6_WIDTH_RESTRICTED_ENVS`; do \
- $(INSTALL_PROGRAM) $< $@/$$spec.new; \
- mv -f $@/$$spec.new $@/$$spec; \
+ for spec in `cat $(objpfx)getconf.speclist`; do \
+ $(INSTALL_PROGRAM) $< $@/$$spec.new; \
+ mv -f $@/$$spec.new $@/$$spec; \
done
+
+$(objpfx)getconf.speclist: getconf.speclist.h
+ $(CC) -E $(CFLAGS) $(CPPFLAGS) $< \
+ | sed -n -e '/START_OF_STRINGS/,$${/_POSIX_V6_/{s/^[^"]*"//;s/".*$$//;p}}' \
+ > $@.new
+ mv -f $@.new $@
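Review bot: In the new `$(objpfx)getconf.speclist` rule the exit status of `$(CC) -E` is lost, because the recipe pipes it into sed and the shell reports only sed's status. If preprocessing fails, sed still succeeds on empty input, `mv` puts an empty speclist in place, and the `for spec in` loop in the install rule then installs nothing without reporting an error. Running the preprocessor as its own recipe step, with its output in an intermediate file, lets make stop at the real failure. The rule also lists only getconf.speclist.h as a prerequisite, so the list is not regenerated when the header that defines the `_POSIX_V6_*` values changes.

```make
$(objpfx)getconf.speclist: getconf.speclist.h
	$(CC) -E $(CFLAGS) $(CPPFLAGS) $< > $@.i
	sed -n -e '/START_OF_STRINGS/,$${/_POSIX_V6_/{s/^[^"]*"//;s/".*$$//;p}}' \
	  $@.i > $@.new
	rm -f $@.i
# … unchanged: mv -f $@.new $@ …
```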
Jakub