On 14/12/2012 11.49, Filippo ARCIDIACONO wrote: > On 12/14/2012 11:40 AM, Filippo ARCIDIACONO wrote: >> It's not safe to use the aux vect inside __uClibc_main if we are running >> with shared libraries, because it could have been already modified. >> For example, if some constructor plays with environment variables by >> using unsetenv, the modifications done into the stack to unset an >> environment variable, have impacts on the aux vect due to the extra NULL >> entries added. >> Due to this, __uClibc_main is not able to detect where the aux vect >> starts, so all the entries that are used by __uClibc_main (AT_UID, >> AT_EUID, AT_GID, AT_EGID, AT_PAGESZ and possibly other arch specific) >> are impacted. >> >> Same side effect on the aux vect is caused by the ld.so when running a >> SUID program with some of the unsecure environment variables set, that >> will be unset by the ld.so itself. >> >> In order to fix this issue, it needs to handle aux vect entries into >> __uClibc_main only if SHARED is not defined. >> In SHARED case, libc refers to __dl_secure and _dl_pagesize as >> initialised >> by the ld.so where the aux vext is still untouched. >> >> Signed-off-by: Filippo Arcidiacono <filippo.arcidiac...@st.com> >> Reviewed-by: Carmelo Amoroso <carmelo.amor...@st.com> >> --- >> ldso/ldso/ldso.c | 2 +- >> libc/misc/elf/dl-support.c | 4 ++++ >> libc/misc/internals/__uClibc_main.c | 22 ++++++++++++++++------ >> 3 files changed, 21 insertions(+), 7 deletions(-) >> > [SNIP] > > Please consider this version. > It fixes last minute build problem and avoid some compiler warning. > > regards, > Filippo.
Hello, I'd like to have some other feedback on this before committing. I have reviewed this Filippo during the debug, so my opinion is not "neutral" ;-) Cheers, Carmelo > _______________________________________________ > uClibc mailing list > uClibc@uclibc.org > http://lists.busybox.net/mailman/listinfo/uclibc > > _______________________________________________ uClibc mailing list uClibc@uclibc.org http://lists.busybox.net/mailman/listinfo/uclibc