mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2024-09-30 08:41:15 +00:00
Loader.so+LibELF: Do not read environment variables if AT_SECURE is set
AT_SECURE is set in the auxiliary vector when we execute setuid/setgid programs. In those cases, we do not want to read environment variables that influence the logic of the dynamic loader, as they can be controlled by the user.
This commit is contained in:
parent
20974b0772
commit
a4b74cba0b
Notes:
sideshowbarker
2024-07-19 00:02:08 +09:00
Author: https://github.com/itamar8910 Commit: https://github.com/SerenityOS/serenity/commit/a4b74cba0b1 Pull-request: https://github.com/SerenityOS/serenity/pull/4852 Reviewed-by: https://github.com/ADKaster Reviewed-by: https://github.com/awesomekling
|
@ -71,6 +71,9 @@ size_t g_current_tls_offset = 0;
|
|||
size_t g_total_tls_size = 0;
|
||||
char** g_envp = nullptr;
|
||||
LibCExitFunction g_libc_exit = nullptr;
|
||||
|
||||
bool g_allowed_to_check_environment_variables { false };
|
||||
bool g_do_breakpoint_trap_before_entry { false };
|
||||
}
|
||||
|
||||
DynamicObject::SymbolLookupResult DynamicLinker::lookup_global_symbol(const char* symbol_name)
|
||||
|
@ -228,15 +231,22 @@ static NonnullRefPtr<DynamicLoader> commit_elf(const String& name)
|
|||
return loader;
|
||||
}
|
||||
|
||||
void ELF::DynamicLinker::linker_main(String&& main_program_name, int main_program_fd, int argc, char** argv, char** envp)
|
||||
static void read_environment_variables()
|
||||
{
|
||||
g_envp = envp;
|
||||
bool do_breakpoint_trap_before_entry = false;
|
||||
for (char** env = envp; *env; ++env) {
|
||||
for (char** env = g_envp; *env; ++env) {
|
||||
if (StringView { *env } == "_LOADER_BREAKPOINT=1") {
|
||||
do_breakpoint_trap_before_entry = true;
|
||||
g_do_breakpoint_trap_before_entry = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void ELF::DynamicLinker::linker_main(String&& main_program_name, int main_program_fd, bool is_secure, int argc, char** argv, char** envp)
|
||||
{
|
||||
g_envp = envp;
|
||||
|
||||
g_allowed_to_check_environment_variables = !is_secure;
|
||||
if (g_allowed_to_check_environment_variables)
|
||||
read_environment_variables();
|
||||
|
||||
map_library(main_program_name, main_program_fd);
|
||||
map_dependencies(main_program_name);
|
||||
|
@ -260,7 +270,7 @@ void ELF::DynamicLinker::linker_main(String&& main_program_name, int main_progra
|
|||
|
||||
MainFunction main_function = (MainFunction)(entry_point);
|
||||
VERBOSE("jumping to main program entry point: %p\n", main_function);
|
||||
if (do_breakpoint_trap_before_entry) {
|
||||
if (g_do_breakpoint_trap_before_entry) {
|
||||
asm("int3");
|
||||
}
|
||||
int rc = main_function(argc, argv, envp);
|
||||
|
|
|
@ -35,7 +35,7 @@ namespace ELF {
|
|||
class DynamicLinker {
|
||||
public:
|
||||
static DynamicObject::SymbolLookupResult lookup_global_symbol(const char* symbol);
|
||||
[[noreturn]] static void linker_main(String&& main_program_name, int fd, int argc, char** argv, char** envp);
|
||||
[[noreturn]] static void linker_main(String&& main_program_name, int fd, bool is_secure, int argc, char** argv, char** envp);
|
||||
|
||||
private:
|
||||
DynamicLinker() = delete;
|
||||
|
|
|
@ -135,6 +135,7 @@ void _start(int argc, char** argv, char** envp)
|
|||
|
||||
int main_program_fd = -1;
|
||||
String main_program_name;
|
||||
bool is_secure = false;
|
||||
for (; auxvp->a_type != AT_NULL; ++auxvp) {
|
||||
if (auxvp->a_type == ELF::AuxiliaryValue::ExecFileDescriptor) {
|
||||
main_program_fd = auxvp->a_un.a_val;
|
||||
|
@ -142,6 +143,9 @@ void _start(int argc, char** argv, char** envp)
|
|||
if (auxvp->a_type == ELF::AuxiliaryValue::ExecFilename) {
|
||||
main_program_name = (const char*)auxvp->a_un.a_ptr;
|
||||
}
|
||||
if (auxvp->a_type == ELF::AuxiliaryValue::Secure) {
|
||||
is_secure = auxvp->a_un.a_val == 1;
|
||||
}
|
||||
}
|
||||
|
||||
if (main_program_name == "/usr/lib/Loader.so") {
|
||||
|
@ -156,7 +160,7 @@ void _start(int argc, char** argv, char** envp)
|
|||
ASSERT(main_program_fd >= 0);
|
||||
ASSERT(!main_program_name.is_empty());
|
||||
|
||||
ELF::DynamicLinker::linker_main(move(main_program_name), main_program_fd, argc, argv, envp);
|
||||
ELF::DynamicLinker::linker_main(move(main_program_name), main_program_fd, is_secure, argc, argv, envp);
|
||||
ASSERT_NOT_REACHED();
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue