From: Robin H. Johnson <robbat2@gentoo.org>
Gentoo-Bug: 206678
X-Gentoo-URL: http://bugs.gentoo.org/show_bug.cgi?id=206678
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>

Based on a previous revision by solar@gentoo.org.
It seems that on hardened systems, USE_RTLD_NEXT is not always usable, and this
trips up sandbox.

diff -Nuar sandbox-1.2.18.1.orig/src/libsandbox.c sandbox-1.2.18.1/src/libsandbox.c
--- sandbox-1.2.18.1.orig/src/libsandbox.c	2008-06-27 16:15:53.000000000 +0000
+++ sandbox-1.2.18.1/src/libsandbox.c	2008-06-27 16:20:26.000000000 +0000
@@ -192,18 +192,24 @@
 {
 	void *symaddr = NULL;
 
-	if (NULL == libc_handle) {
-#if !defined(USE_RTLD_NEXT)
+#if defined(USE_RTLD_NEXT)
+        libc_handle = RTLD_NEXT;
+#endif
+
+        /* Checking for -1UL is significent on hardened! 
+         * USE_RTLD_NEXT returns it as a sign of being unusable.
+         * However using !x or NULL checks does NOT pick it up!
+         */
+#define INVALID_LIBC_HANDLE(x) (!x || NULL == x || -1UL == x)
+	if (INVALID_LIBC_HANDLE(libc_handle)) {
 		libc_handle = dlopen(LIBC_VERSION, RTLD_LAZY);
-		if (!libc_handle) {
+		if (INVALID_LIBC_HANDLE(libc_handle)) {
 			fprintf(stderr, "libsandbox:  Can't dlopen libc: %s\n",
 				dlerror());
 			exit(EXIT_FAILURE);
 		}
-#else
-		libc_handle = RTLD_NEXT;
-#endif
 	}
+#undef INVALID_LIBC_HANDLE
 
 	if (NULL == symver)
 		symaddr = dlsym(libc_handle, symname);
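Review bot: The `-1UL == x` arm of `INVALID_LIBC_HANDLE` matches `RTLD_NEXT` itself, which glibc defines as `((void *) -1l)`, so when `USE_RTLD_NEXT` is defined the handle assigned a few lines above is always rejected and lookups go through `dlopen(LIBC_VERSION, RTLD_LAZY)` instead of the next object in the link chain. Since `libc_handle = RTLD_NEXT;` is now unconditional and `libc_handle` appears to persist across calls (it is not declared in the hunk), every call repeats the `dlopen()` and takes another reference on libc; guarding it as `if (NULL == libc_handle) libc_handle = RTLD_NEXT;` would keep the handle cached. The macro also compares a pointer with an integer and leaves `x` unparenthesised; `(NULL == (x) || (void *)-1 == (x))` says the same thing without the redundant `!x`. The comment above the macro should state that the sentinel is the value of `RTLD_NEXT` rather than an error return, so the forced fallback reads as deliberate. The function starts before the hunk and continues after it.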