Date: Wed, 2 Jun 2021 22:00:13 +0100
From: Alexander Richardson <arichardson@freebsd.org>
To: Konstantin Belousov <kib@freebsd.org>
Cc: src-committers <src-committers@freebsd.org>, "<dev-commits-src-all@freebsd.org>" <dev-commits-src-all@freebsd.org>, dev-commits-src-main@freebsd.org
Subject: Re: git: d81f999ac223 - main - rtld direct exec: add option to ignore LD_ variables
Message-ID: <CA%2BZ_v8qwHL471EpFob8TS8qGgrD9zoX=y7sra_wefObFfzkwmQ@mail.gmail.com>
In-Reply-To: <202105291459.14TExadZ056959@gitrepo.freebsd.org>
References: <202105291459.14TExadZ056959@gitrepo.freebsd.org>
On Sat, 29 May 2021 at 15:59, Konstantin Belousov <kib@freebsd.org> wrote: > > The branch main has been updated by kib: > > URL: https://cgit.FreeBSD.org/src/commit/?id=d81f999ac22342789f2b3e21206d83d410be4df3 > > commit d81f999ac22342789f2b3e21206d83d410be4df3 > Author: Konstantin Belousov <kib@FreeBSD.org> > AuthorDate: 2021-05-28 23:59:07 +0000 > Commit: Konstantin Belousov <kib@FreeBSD.org> > CommitDate: 2021-05-29 14:59:09 +0000 > > rtld direct exec: add option to ignore LD_ variables > > Sponsored by: The FreeBSD Foundation > MFC after: 1 week > --- > libexec/rtld-elf/rtld.1 | 10 +++++++++- > libexec/rtld-elf/rtld.c | 3 +++ > 2 files changed, 12 insertions(+), 1 deletion(-) > > diff --git a/libexec/rtld-elf/rtld.1 b/libexec/rtld-elf/rtld.1 > index 7f633ce0b486..16466c7a853e 100644 > --- a/libexec/rtld-elf/rtld.1 > +++ b/libexec/rtld-elf/rtld.1 > @@ -28,7 +28,7 @@ > .\" > .\" $FreeBSD$ > .\" > -.Dd March 24, 2021 > +.Dd May 29, 2021 > .Dt RTLD 1 > .Os > .Sh NAME > @@ -131,6 +131,7 @@ all the environment variables listed below, but is being prefixed with > .Ev LD_32_ , > for example: > .Ev LD_32_TRACE_LOADED_OBJECTS . > +If the activated image is setuid or setgid, the variables are ignored. > .Bl -tag -width ".Ev LD_LIBMAP_DISABLE" > .It Ev LD_DUMP_REL_POST > If set, > @@ -313,6 +314,8 @@ The syntax of the direct invocation is > .Op Fl b Ar exe > .Op Fl f Ar fd > .Op Fl p > +.Op Fl t > +.Op Fl v > .Op Fl - > .Pa image_path > .Op Ar image arguments > @@ -353,6 +356,11 @@ character, > uses the search path provided by the environment variable > .Dv PATH > to find the binary to execute. > +.It Fl t > +Ignore all > +.Ev LD_ > +environment variables that otherwise affect the dynamic > +linker behavior. > .It Fl v > Display information about this run-time linker binary, then exit. > .It Fl - > diff --git a/libexec/rtld-elf/rtld.c b/libexec/rtld-elf/rtld.c > index 75c502e8cc85..a517de83b8f5 100644 > --- a/libexec/rtld-elf/rtld.c > +++ b/libexec/rtld-elf/rtld.c 
> @@ -5793,6 +5793,8 @@ parse_args(char* argv[], int argc, bool *use_pathp, int *fdp, > break; > } else if (opt == 'p') { > *use_pathp = true; > + } else if (opt == 't') { > + trust = false; Hi, In CheriBSD I used the -t flag to set ld_tracing = "yes" (we used this in ldd). I've been meaning to submit this as a review, but haven't got around to it yet. How do you feel about using "-u" for "untrusted" or "-i" for "ignore" here instead of "-t"? Thanks, Alex > } else if (opt == 'v') { > machine[0] = '\0'; > mib[0] = CTL_HW; > @@ -5863,6 +5865,7 @@ print_usage(const char *argv0) > " -b <exe> Execute <exe> instead of <binary>, arg0 is <binary>\n" > " -f <FD> Execute <FD> instead of searching for <binary>\n" > " -p Search in PATH for named binary\n" > + " -t Ignore LD_ environment variables\n" > " -v Display identification information\n" > " -- End of RTLD options\n" > " <binary> Name of process to execute\n"
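Review bot: The `.It Fl t` entry added to rtld.1 says the LD_ variables are ignored but does not relate this to the sentence added earlier in the same patch, "If the activated image is setuid or setgid, the variables are ignored." If -t is meant to give an ordinary image that same treatment, the entry should say so, and it should state whether the LD_32_ forms described next to that sentence are covered as well.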
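Review bot: In the parse_args hunk in rtld.c, the new 't' branch assigns `trust = false` directly, while the neighbouring 'p' branch reports its result through the `*use_pathp` out-parameter, so the argument parser now changes linker state as a side effect with nothing at the assignment to explain it. A one-line comment there stating that -t can only lower trust and never raise it would make the intent explicit. Because the letter reads as "trust" while the effect is the opposite, either that comment or a different letter, as raised in the reply above, would prevent misreading.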
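Review bot: The synopsis hunk in rtld.1 adds `.Op Fl v` alongside `.Op Fl t`, but the commit message only describes the option to ignore LD_ variables, and the context lines show `.It Fl v` was already documented in the option list. The -v line is a fix to an existing omission in the synopsis, so mention it in the commit log or split it into its own commit so the MFC carries an accurate description.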