security hardening: ensure suid programs have valid stdin/out/err

this behavior (opening fds 0-2 for a suid program) is explicitly
allowed (but not required) by POSIX to protect badly-written suid
programs from clobbering files they later open.

this commit does add some cost in startup code, but the availability
of auxv and the security flag will be useful elsewhere in the future.
in particular auxv is needed for static-linked vdso support, which is
still waiting to be committed (sorry nik!)
Rich Felker
2011-08-23 09:37:39 -04:00
parent c0f344160d
commit df0b5a4940
6 changed files with 52 additions and 15 deletions


@ -7,13 +7,15 @@
struct __libc {
void *main_thread;
int threaded;
int canceldisable;
int secure;
size_t *auxv;
int (*atexit)(void (*)(void));
void (*fini)(void);
void (*ldso_fini)(void);
volatile int threads_minus_1;
int ofl_lock;
int canceldisable;
FILE *ofl_head;
int ofl_lock;
};
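Review bot: the two members added to `struct __libc`, `int secure;` and `size_t *auxv;`, carry no comment saying what initializes them or what `secure` signifies, so a reader of this header alone cannot tell that `secure` is the flag gating the suid stdin/stdout/stderr check the commit message describes; suggest documenting each in place, e.g. `int secure; /* security flag: nonzero when running as a suid program */` and `size_t *auxv; /* auxiliary vector saved at startup */`. Also, the reordering of `canceldisable` and `ofl_lock` within the struct is unrelated to the hardening and would be easier to review as a separate change.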