disallow non-absolute rpath $ORIGIN for suid/sgid/AT_SECURE processes
authorRich Felker <dalias@aerifal.cx>
Wed, 7 Feb 2018 19:31:42 +0000 (14:31 -0500)
committerRich Felker <dalias@aerifal.cx>
Wed, 7 Feb 2018 19:31:42 +0000 (14:31 -0500)
commit376b3c54bba7d235e5a8e2839bb333a826b19636
tree8453a90317de98662a71048df26c826fe39fec89
parentf0b235c138d26caafeda44475818508f1911e78e
disallow non-absolute rpath $ORIGIN for suid/sgid/AT_SECURE processes

in theory non-absolute origins can only arise when either the main
program is invoked by running ldso as a command (inherently non-suid)
or when dlopen was called with a relative pathname containing at least
one slash. such usage would be inherently insecure in an suid program
anyway, so the old behavior here does not seem to have been insecure.
harden against it anyway.
ldso/dynlink.c