Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Reply-To: musl@lists.openwall.com
From: Elvis Pranskevichus
To: musl@lists.openwall.com
Cc: elvis@edgedb.com
Date: Tue, 16 Aug 2022 23:23:02 -0700
Message-ID: <4834483.e9J7NaK4W3@vulcan.edgedb.net>
Organization: EdgeDB Inc.
In-Reply-To: <3818608.tdWV9SEqCh@vulcan.edgedb.net>
References: <3818608.tdWV9SEqCh@vulcan.edgedb.net>
Subject: [musl] [RESEND PATCH] ldso/dynlink: Protect LD_ env vars from getting clobbered by apps

(sorry, the previous patch is obviously wrong, this is a better version)

There is no guarantee that the environment block will remain intact. For example, PostgreSQL clobbers the argv/environ area to implement its "setproctitle" emulation on non-BSD [1], and there is a popular Python library inspired by it [2]. As a result, setting `LD_LIBRARY_PATH` or `LD_PRELOAD` has no effect on Postgres subprocesses when linking against musl.

Protect against this by making copies instead of storing the original pointers directly.

---
 ldso/dynlink.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/ldso/dynlink.c b/ldso/dynlink.c
index cc677952..2b816ce0 100644
--- a/ldso/dynlink.c
+++ b/ldso/dynlink.c
@@ -1757,7 +1757,23 @@ void __dls3(size_t *sp, size_t *auxv) /* Only trust user/env if kernel says we're not suid/sgid */ if (!libc.secure) { env_path = getenv("LD_LIBRARY_PATH"); + if (env_path != NULL) { + /* Prevent value from getting clobbered by the application */ + env_path = strdup(env_path); + if (!env_path) { + dprintf(2, "%s: out of memory\n", argv[0]); + _exit(127); + } + } env_preload = getenv("LD_PRELOAD"); + if (env_preload != NULL) { + /* Prevent value from getting clobbered by the application */ + env_preload = strdup(env_preload); + if (!env_preload) { + dprintf(2, "%s: out of memory\n", argv[0]); + _exit(127); + } + } } /* Activate error handler function */ -- 2.35.1
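Review bot: the block added after `env_path = getenv("LD_LIBRARY_PATH");` and the one added after `env_preload = getenv("LD_PRELOAD");` are the same four statements (null test, `strdup`, `dprintf(2, "%s: out of memory\n", argv[0])`, `_exit(127)`) with only the variable name changed; folding them into one small static helper that returns the copy or exits, so the call sites become `env_path = dup_env("LD_LIBRARY_PATH");` and `env_preload = dup_env("LD_PRELOAD");`, would keep a single error path and stop the two copies drifting apart if another LD_ variable is ever protected the same way. The `!= NULL` comparisons could also be shortened to `if (env_path)` and `if (env_preload)`.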