59 lines
2.0 KiB
Diff
59 lines
2.0 KiB
Diff
commit 7b543dcdf97d07fd4346feb17916e08fe83ad0ae
|
|
Author: Florian Weimer <fweimer@redhat.com>
|
|
Date: Thu Jan 15 22:29:46 2026 +0100
|
|
|
|
elf: Ignore LD_PROFILE if LD_PROFILE_OUTPUT is not set (bug 33797)
|
|
|
|
The previous default for LD_PROFILE_OUTPUT, /var/tmp, is insecure
|
|
because it's typically a 1777 directory, and other systems could
|
|
place malicious files there which interfere with execution.
|
|
|
|
Requiring the user to specify a profiling directory mitigates
|
|
the impact of bug 33797. Clear LD_PROFILE_OUTPUT alongside
|
|
with LD_PROFILE.
|
|
|
|
Rework the test not to use predictable file names.
|
|
|
|
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
|
|
|
Conflicts:
|
|
elf/rtld.c
|
|
(different implementation of environment variable filtering
|
|
downstream)
|
|
elf/tst-env-setuid.c
|
|
(no LD_PROFILE test downstream)
|
|
|
|
diff --git a/elf/rtld.c b/elf/rtld.c
|
|
index 425003e6c8e452ab..1fbfc65a38e19110 100644
|
|
--- a/elf/rtld.c
|
|
+++ b/elf/rtld.c
|
|
@@ -2954,6 +2954,16 @@ process_envvars (struct dl_main_state *state)
|
|
if (state->mode != rtld_mode_normal)
|
|
_exit (5);
|
|
}
|
|
+
|
|
+ /* There is no fixed, safe directory to store profiling data, so
|
|
+ activate LD_PROFILE only if LD_PROFILE_OUTPUT is set as well. */
|
|
+ if (GLRO(dl_profile) != NULL && GLRO(dl_profile_output) == NULL)
|
|
+ {
|
|
+ _dl_error_printf ("\
|
|
+warning: LD_PROFILE ignored because LD_PROFILE_OUTPUT not specified\n");
|
|
+ GLRO(dl_profile) = NULL;
|
|
+ }
|
|
+
|
|
/* If we have to run the dynamic linker in debugging mode and the
|
|
LD_DEBUG_OUTPUT environment variable is given, we write the debug
|
|
messages to this file. */
|
|
diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h
|
|
index 5ea8a4a259ef753c..0b84642f71ae9351 100644
|
|
--- a/sysdeps/generic/unsecvars.h
|
|
+++ b/sysdeps/generic/unsecvars.h
|
|
@@ -21,6 +21,7 @@
|
|
"LD_ORIGIN_PATH\0" \
|
|
"LD_PRELOAD\0" \
|
|
"LD_PROFILE\0" \
|
|
+ "LD_PROFILE_OUTPUT\0" \
|
|
"LD_SHOW_AUXV\0" \
|
|
"LD_USE_LOAD_BIAS\0" \
|
|
"LOCALDOMAIN\0" \
|