wok-current: glibc/stuff/CVE-2025-4802.patch annotate

wok-current annotate glibc/stuff/CVE-2025-4802.patch @ rev 25775

Patch glibc (CVE-2025-4802)

author	Stanislas Leduc <shann@slitaz.org>
date	Thu May 22 19:19:31 2025 +0000 (5 months ago)
parents
children	e92a5b32321f

rev	line source
shann@25775	1 From 5451fa962cd0a90a0e2ec1d8910a559ace02bba0 Mon Sep 17 00:00:00 2001
shann@25775	2 From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
shann@25775	3 Date: Mon, 6 Nov 2023 17:25:49 -0300
shann@25775	4 Subject: elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static
shann@25775	5
shann@25775	6 It mimics the ld.so behavior.
shann@25775	7
shann@25775	8 Checked on x86_64-linux-gnu.
shann@25775	9 Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
shann@25775	10 Adjust for backport to glibc 2.28
shann@25775	11 ---
shann@25775	12 elf/dl-support.c \| 32 ++++++++++++++++----------------
shann@25775	13 1 file changed, 16 insertions(+), 16 deletions(-)
shann@25775	14
shann@25775	15 diff --git a/elf/dl-support.c b/elf/dl-support.c
shann@25775	16 index 31a608df87..837fa1c836 100644
shann@25775	17 --- a/elf/dl-support.c
shann@25775	18 +++ b/elf/dl-support.c
shann@25775	19 @@ -317,12 +317,34 @@
shann@25775	20 if (HP_SMALL_TIMING_AVAIL)
shann@25775	21 HP_TIMING_NOW (_dl_cpuclock_offset);
shann@25775	22
shann@25775	23 - _dl_verbose = *(getenv ("LD_WARN") ?: "") == '\0' ? 0 : 1;
shann@25775	24 -
shann@25775	25 /* Set up the data structures for the system-supplied DSO early,
shann@25775	26 so they can influence _dl_init_paths. */
shann@25775	27 setup_vdso (NULL, NULL);
shann@25775	28
shann@25775	29 + if (__libc_enable_secure)
shann@25775	30 + {
shann@25775	31 + static const char unsecure_envvars[] =
shann@25775	32 + UNSECURE_ENVVARS
shann@25775	33 +#ifdef EXTRA_UNSECURE_ENVVARS
shann@25775	34 + EXTRA_UNSECURE_ENVVARS
shann@25775	35 +#endif
shann@25775	36 + ;
shann@25775	37 + const char *cp = unsecure_envvars;
shann@25775	38 +
shann@25775	39 + while (cp < unsecure_envvars + sizeof (unsecure_envvars))
shann@25775	40 + {
shann@25775	41 + __unsetenv (cp);
shann@25775	42 + cp = (const char *) __rawmemchr (cp, '\0') + 1;
shann@25775	43 + }
shann@25775	44 +
shann@25775	45 +#if !HAVE_TUNABLES
shann@25775	46 + if (__access ("/etc/suid-debug", F_OK) != 0)
shann@25775	47 + __unsetenv ("MALLOC_CHECK_");
shann@25775	48 +#endif
shann@25775	49 + }
shann@25775	50 +
shann@25775	51 + _dl_verbose = *(getenv ("LD_WARN") ?: "") == '\0' ? 0 : 1;
shann@25775	52 +
shann@25775	53 /* Initialize the data structures for the search paths for shared
shann@25775	54 objects. */
shann@25775	55 _dl_init_paths (getenv ("LD_LIBRARY_PATH"));
shann@25775	56 @@ -340,28 +362,6 @@
shann@25775	57 if (_dl_profile_output == NULL \|\| _dl_profile_output[0] == '\0')
shann@25775	58 _dl_profile_output
shann@25775	59 = &"/var/tmp\0/var/profile"[__libc_enable_secure ? 9 : 0];
shann@25775	60 -
shann@25775	61 - if (__libc_enable_secure)
shann@25775	62 - {
shann@25775	63 - static const char unsecure_envvars[] =
shann@25775	64 - UNSECURE_ENVVARS
shann@25775	65 -#ifdef EXTRA_UNSECURE_ENVVARS
shann@25775	66 - EXTRA_UNSECURE_ENVVARS
shann@25775	67 -#endif
shann@25775	68 - ;
shann@25775	69 - const char *cp = unsecure_envvars;
shann@25775	70 -
shann@25775	71 - while (cp < unsecure_envvars + sizeof (unsecure_envvars))
shann@25775	72 - {
shann@25775	73 - __unsetenv (cp);
shann@25775	74 - cp = (const char *) __rawmemchr (cp, '\0') + 1;
shann@25775	75 - }
shann@25775	76 -
shann@25775	77 -#if !HAVE_TUNABLES
shann@25775	78 - if (__access ("/etc/suid-debug", F_OK) != 0)
shann@25775	79 - __unsetenv ("MALLOC_CHECK_");
shann@25775	80 -#endif
shann@25775	81 - }
shann@25775	82
shann@25775	83 #ifdef DL_PLATFORM_INIT
shann@25775	84 DL_PLATFORM_INIT;
shann@25775	85
shann@25775	86 --
shann@25775	87 cgit

SliTaz Repositories

wok-current annotate glibc/stuff/CVE-2025-4802.patch @ rev 25775