If a directory is world-writable or is not owned by root, skip it
and emit a warning. This is a security measure since ldconfig influences the shared libraries used by all programs. I think the check should be made even more stringent by also ignoring group-writable directories. I will make that change soon unless we encounter a good reason not to do it. Submitted by: Maxime Henrion <mhenrion@cybercable.fr>
parent
dc2475c540
commit
fa0c86aadc
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=63872
@ -57,8 +57,23 @@ static int ndirs;
|
|||||||
static void
|
static void
|
||||||
add_dir(const char *hintsfile, const char *name)
|
add_dir(const char *hintsfile, const char *name)
|
||||||
{
|
{
|
||||||
|
struct stat stbuf;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
|
/* Do some security checks */
|
||||||
|
if (stat(name, &stbuf) == -1) {
|
||||||
|
warn("%s", name);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if (stbuf.st_uid != 0) {
|
||||||
|
warnx("%s: not owned by root", name);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if ((stbuf.st_mode & S_IWOTH) != 0) {
|
||||||
|
warnx("%s: ignoring world-writable directory", name);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
for (i = 0; i < ndirs; i++)
|
for (i = 0; i < ndirs; i++)
|
||||||
if (strcmp(dirs[i], name) == 0)
|
if (strcmp(dirs[i], name) == 0)
|
||||||
return;
|
return;
|
||||||
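Review bot: The new checks in add_dir() use `stat(name, &stbuf)` on the path, so they follow symlinks and describe whatever `name` resolved to at that moment; nothing ties the result to the directory that is searched later, and nothing confirms that `name` is a directory at all. A root-owned, non-world-writable entry that sits under a parent directory writable by another user would pass these tests and could be replaced afterwards. I would add `if (!S_ISDIR(stbuf.st_mode)) { warnx("%s: not a directory", name); return; }` after the stat call, and a comment above the block stating that ancestor directories are not verified, so the limits of the check are on record. The `S_IWOTH` test also accepts group-writable directories, which the commit message already plans to tighten. add_dir() continues past the end of this hunk, so how `name` is used later is not visible here.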
|
@ -61,7 +61,10 @@ line. Blank lines and lines starting with the comment character
|
|||||||
.Ql \&#
|
.Ql \&#
|
||||||
are ignored.
|
are ignored.
|
||||||
.Pp
|
.Pp
|
||||||
The shared libraries so found will be automatically available for loading
|
For security reasons, directories which are world-writable or which
|
||||||
|
are not owned by root produce warning messages and are skipped.
|
||||||
|
.Pp
|
||||||
|
The shared libraries which are found will be automatically available for loading
|
||||||
if needed by the program being prepared for execution.
|
if needed by the program being prepared for execution.
|
||||||
This obviates the need
|
This obviates the need
|
||||||
for storing search paths within the executable.
|
for storing search paths within the executable.
|
||||||
@ -137,9 +140,6 @@ In
|
|||||||
addition to building a set of hints for quick lookup, it also serves to
|
addition to building a set of hints for quick lookup, it also serves to
|
||||||
specify the trusted collection of directories from which shared objects can
|
specify the trusted collection of directories from which shared objects can
|
||||||
be safely loaded.
|
be safely loaded.
|
||||||
It is presumed that the set of directories specified to
|
|
||||||
.Nm ldconfig
|
|
||||||
are under control of the system's administrator.
|
|
||||||
.Sh ENVIRONMENT
|
.Sh ENVIRONMENT
|
||||||
.Bl -tag -width OBJFORMATxxx -compact
|
.Bl -tag -width OBJFORMATxxx -compact
|
||||||
.It Ev OBJFORMAT
|
.It Ev OBJFORMAT
|
||||||
|
@ -259,6 +259,7 @@ int silent;
|
|||||||
{
|
{
|
||||||
DIR *dd;
|
DIR *dd;
|
||||||
struct dirent *dp;
|
struct dirent *dp;
|
||||||
|
struct stat stbuf;
|
||||||
char name[MAXPATHLEN];
|
char name[MAXPATHLEN];
|
||||||
int dewey[MAXDEWEY], ndewey;
|
int dewey[MAXDEWEY], ndewey;
|
||||||
|
|
||||||
@ -269,6 +270,20 @@ int silent;
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Do some security checks */
|
||||||
|
if (fstat(dirfd(dd), &stbuf) == -1) {
|
||||||
|
warn("%s", dir);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
if (stbuf.st_uid != 0) {
|
||||||
|
warnx("%s: not owned by root", dir);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
if ((stbuf.st_mode & S_IWOTH) != 0) {
|
||||||
|
warnx("%s: ignoring world-writable directory", dir);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
while ((dp = readdir(dd)) != NULL) {
|
while ((dp = readdir(dd)) != NULL) {
|
||||||
register int n;
|
register int n;
|
||||||
register char *cp;
|
register char *cp;
|
||||||
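Review bot: Each of the three new `return -1;` paths after `fstat(dirfd(dd), &stbuf)` leaves the function without closing `dd`, so every rejected directory leaks an open directory stream and its descriptor; add `closedir(dd);` before each of those returns. Using fstat() on the already-open descriptor rather than stat() on the path is the right choice here, because it ties the ownership and mode test to the directory that is actually read by the `readdir()` loop. The function's signature and the opendir() call lie outside the hunk, so I am inferring that `dd` is open at this point from the use of `dirfd(dd)`.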
|