projects / musl / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
disallow non-absolute rpath $ORIGIN for suid/sgid/AT_SECURE processes
[musl] / ldso / dynlink.c
diff --git a/ldso/dynlink.c b/ldso/dynlink.c
index 3741c30..9bf6924 100644 (file)
--- a/ldso/dynlink.c
+++ b/ldso/dynlink.c
@@ -817,6 +817,9 @@ static int fixup_rpath(struct dso *p, char *buf, size_t buf_size)
                origin = ".";
                l = 1;
        }
+       /* Disallow non-absolute origins for suid/sgid/AT_SECURE. */
+       if (libc.secure && *origin != '/')
+               return 0;
        p->rpath = malloc(strlen(p->rpath_orig) + n*l + 1);
        if (!p->rpath) return -1;
 
musl