On 20 Jun 2014, at 19:08, Jonathan Anderson <jonat...@freebsd.org> wrote: > Author: jonathan > Date: Fri Jun 20 17:08:32 2014 > New Revision: 267678 > URL: http://svnweb.freebsd.org/changeset/base/267678 > > Log: > Add the LD_LIBRARY_PATH_FDS environmental variable. > > This variable allows the loading of shared libraries via directory > descriptors > rather than via library paths. If LD_LIBRARY_PATH_FDS=3:4:12, the > directories > represented by file descriptors 3, 4 and 12 will searched for shared > libraries > before the normal path-based mechanisms are used. This allows us to execute > unprivileged binaries from within a Capsicum sandbox even if they require > shared libraries. ... > Modified: head/libexec/rtld-elf/rtld.c > ============================================================================== > --- head/libexec/rtld-elf/rtld.c Fri Jun 20 15:43:58 2014 > (r267677) > +++ head/libexec/rtld-elf/rtld.c Fri Jun 20 17:08:32 2014 > (r267678) ... > +static int > +parse_libdir(const char *str) > +{ > + static const int RADIX = 10; /* XXXJA: possibly support hex? */ > + const char *orig; > + int fd; > + char c; > + > + orig = str; > + fd = 0; > + for (c = *str; c != '\0'; c = *++str) { > + if (c < '0' || c > '9') > + return (-1); > + > + fd *= RADIX; > + fd += c - '0'; > + } > + > + /* Make sure we actually parsed something. */ > + if (str == orig) { > + _rtld_error("failed to parse directory FD from '%s'", str); > + return (-1); > + } > + return (fd); > +}
Shouldn't the first "return (-1)" also be preceded by a call _rtld_error()? -Dimitry
signature.asc
Description: Message signed with OpenPGP using GPGMail