Skip to content

Instantly share code, notes, and snippets.

@jserv
Created February 23, 2013 11:46
Show Gist options
  • Save jserv/5019475 to your computer and use it in GitHub Desktop.
Save jserv/5019475 to your computer and use it in GitHub Desktop.
Disable the protection of SELinux in olibc dynamic linker
diff --git a/linker/linker_environ.cpp b/linker/linker_environ.cpp
index edc659a..4a6e4a0 100644
--- a/linker/linker_environ.cpp
+++ b/linker/linker_environ.cpp
@@ -42,20 +42,6 @@ bool get_AT_SECURE() {
return _AT_SECURE_value;
}
-static void __init_AT_SECURE(KernelArgumentBlock& args) {
- // Check auxv for AT_SECURE first to see if program is setuid, setgid,
- // has file caps, or caused a SELinux/AppArmor domain transition.
- bool kernel_supplied_AT_SECURE;
- _AT_SECURE_value = args.getauxval(AT_SECURE, &kernel_supplied_AT_SECURE);
-
- // We don't support ancient kernels.
- if (!kernel_supplied_AT_SECURE) {
- const char* msg = "FATAL: kernel did not supply AT_SECURE\n";
- write(2, msg, strlen(msg));
- exit(EXIT_FAILURE);
- }
-}
-
// Check if the environment variable definition at 'envstr'
// starts with '<name>=', and if so return the address of the
// first character after the equal sign. Otherwise return NULL.
@@ -108,44 +94,6 @@ static bool __is_valid_environment_variable(const char* name) {
return true;
}
-static bool __is_unsafe_environment_variable(const char* name) {
- // None of these should be allowed in setuid programs.
- static const char* const UNSAFE_VARIABLE_NAMES[] = {
- "GCONV_PATH",
- "GETCONF_DIR",
- "HOSTALIASES",
- "LD_AOUT_LIBRARY_PATH",
- "LD_AOUT_PRELOAD",
- "LD_AUDIT",
- "LD_DEBUG",
- "LD_DEBUG_OUTPUT",
- "LD_DYNAMIC_WEAK",
- "LD_LIBRARY_PATH",
- "LD_ORIGIN_PATH",
- "LD_PRELOAD",
- "LD_PROFILE",
- "LD_SHOW_AUXV",
- "LD_USE_LOAD_BIAS",
- "LOCALDOMAIN",
- "LOCPATH",
- "MALLOC_CHECK_",
- "MALLOC_TRACE",
- "NIS_PATH",
- "NLSPATH",
- "RESOLV_HOST_CONF",
- "RES_OPTIONS",
- "TMPDIR",
- "TZDIR",
- NULL
- };
- for (size_t i = 0; UNSAFE_VARIABLE_NAMES[i] != NULL; ++i) {
- if (env_match(name, UNSAFE_VARIABLE_NAMES[i]) != NULL) {
- return true;
- }
- }
- return false;
-}
-
static void __sanitize_environment_variables() {
char** src = _envp;
char** dst = _envp;
@@ -153,10 +101,6 @@ static void __sanitize_environment_variables() {
if (!__is_valid_environment_variable(src[0])) {
continue;
}
- // Remove various unsafe environment variables if we're loading a setuid program.
- if (get_AT_SECURE() && __is_unsafe_environment_variable(src[0])) {
- continue;
- }
dst[0] = src[0];
++dst;
}
@@ -167,7 +111,6 @@ void linker_env_init(KernelArgumentBlock& args) {
// Store environment pointer - can't be NULL.
_envp = args.envp;
- __init_AT_SECURE(args);
__sanitize_environment_variables();
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment