* elf/ldd.bash.in: When set -o pipefail is available, use that for

piping to cat; when not, don't use the pipe at all. Pipe to cat in all cases of running the executable. When direct running exits with code 5, retry running via ${RTLD}. * elf/rtld.c (process_envvars): If __libc_enable_secure and mode != normal, exit with exitcode 5.
git-mirror · Dec 8, 2004 · f57a3c9 · f57a3c9
1 parent 77474cc
commit f57a3c9
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 7 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,12 @@
+2004-12-08  Jakub Jelinek  <jakub@redhat.com>
+
+	* elf/ldd.bash.in: When set -o pipefail is available, use that for
+	piping to cat; when not, don't use the pipe at all.
+	Pipe to cat in all cases of running the executable.
+	When direct running exits with code 5, retry running via ${RTLD}.
+	* elf/rtld.c (process_envvars): If __libc_enable_secure and
+	mode != normal, exit with exitcode 5.
+
 2004-12-07  Jakub Jelinek  <jakub@redhat.com>
 
 	* sysdeps/posix/sysconf.c (__sysconf_check_spec): Only define

diff --git a/elf/ldd.bash.in b/elf/ldd.bash.in
@@ -105,6 +105,21 @@ add_env="$add_env LD_VERBOSE=$verbose"
 if test "$unused" = yes; then
   add_env="$add_env LD_DEBUG=\"$LD_DEBUG${LD_DEBUG:+,}unused\""
 fi
+
+# The following use of cat is needed to make ldd work in SELinux
+# environments where the executed program might not have permissions
+# to write to the console/tty.  But only bash 3.x supports the pipefail
+# option, and we don't bother to handle the case for older bash versions.
+if set -o pipefail 2> /dev/null; then
+  try_trace() {
+    eval $add_env '"$@"' | cat
+  }
+else
+  try_trace() {
+    eval $add_env '"$@"'
+  }
+fi
+
 case $# in
 0)
   echo >&2 'ldd:' $"missing file arguments"
@@ -153,7 +168,16 @@ warning: you do not have execution permission for" "\`$file'" >&2
     fi
     case $ret in
     0)
-      eval $add_env '"$file"' || result=1
+      # If the program exits with exit code 5, it means the process has been
+      # invoked with __libc_enable_secure.  Fall back to running it through
+      # the dynamic linker.
+      try_trace "$file"
+      rc=$?
+      if [ $rc = 5 ]; then
+	try_trace "$RTLD" "$file"
+	rc=$?
+      fi
+      [ $rc = 0 ] || result=1
       ;;
     1)
       # This can be a non-ELF binary or no binary at all.
@@ -163,10 +187,7 @@ warning: you do not have execution permission for" "\`$file'" >&2
       }
       ;;
     2)
-      # The following use of cat is needed to make ldd work in SELinux
-      # environments where the executed program might not have permissions
-      # to write to the console/tty.
-      eval $add_env \${RTLD} '"$file"' | cat || result=1
+      try_trace "$RTLD" "$file" || result=1
       ;;
     *)
       echo 'ldd:' ${RTLD} $"exited with unknown exit code" "($ret)" >&2

diff --git a/elf/rtld.c b/elf/rtld.c
@@ -2269,9 +2269,11 @@ process_envvars (enum mode *modep)
       if (__access ("/etc/suid-debug", F_OK) != 0)
         {
 	  unsetenv ("MALLOC_CHECK_");
-	  if (mode == normal)
-	    GLRO(dl_debug_mask) = 0;
+	  GLRO(dl_debug_mask) = 0;
         }
+
+      if (mode != normal)
+	_exit (5);
     }
   /* If we have to run the dynamic linker in debugging mode and the
      LD_DEBUG_OUTPUT environment variable is given, we write the debug