[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[commits] r8791 - in /branches/eglibc-2_10/libc: ./ elf/ login/ login/programs/ nscd/ sysdeps/generic/ sysdeps/unix/
- To: commits@xxxxxxxxxx
- Subject: [commits] r8791 - in /branches/eglibc-2_10/libc: ./ elf/ login/ login/programs/ nscd/ sysdeps/generic/ sysdeps/unix/
- From: joseph@xxxxxxxxxx
- Date: Sun, 09 Aug 2009 14:42:32 -0000
Author: joseph
Date: Sun Aug 9 07:42:32 2009
New Revision: 8791
Log:
Merge changes between r8757 and r8790 from /fsf/glibc-2_10-branch.
Modified:
branches/eglibc-2_10/libc/ChangeLog
branches/eglibc-2_10/libc/Makeconfig
branches/eglibc-2_10/libc/elf/Makefile
branches/eglibc-2_10/libc/login/Makefile
branches/eglibc-2_10/libc/login/programs/pt_chown.c
branches/eglibc-2_10/libc/nscd/Makefile
branches/eglibc-2_10/libc/sysdeps/generic/pty-private.h
branches/eglibc-2_10/libc/sysdeps/unix/grantpt.c
Modified: branches/eglibc-2_10/libc/ChangeLog
==============================================================================
--- branches/eglibc-2_10/libc/ChangeLog (original)
+++ branches/eglibc-2_10/libc/ChangeLog Sun Aug 9 07:42:32 2009
@@ -1,3 +1,19 @@
+2009-06-16 Ulrich Drepper <drepper@xxxxxxxxxx>
+
+ * login/Makefile: Build pt_chown as PIE.
+
+2009-06-16 Ulrich Drepper <drepper@xxxxxxxxxx>
+
+ * login/Makefile: If necessary link pt_chown with -lcap.
+
+2009-06-02 H.J. Lu <hongjiu.lu@xxxxxxxxx>
+
+ * Makeconfig (+link-pie): Define.
+ (+prectorS): Define.
+ (+postctorS): Define.
+ * elf/Makefile ($(objpfx)tst-pie1): Use $(+link-pie).
+ * nscd/Makefile ($(objpfx)nscd): Likewise.
+
2009-05-22 Jakub Jelinek <jakub@xxxxxxxxxx>
* sysdeps/unix/sysv/linux/accept4.c: Include kernel-features.h.
Modified: branches/eglibc-2_10/libc/Makeconfig
==============================================================================
--- branches/eglibc-2_10/libc/Makeconfig (original)
+++ branches/eglibc-2_10/libc/Makeconfig Sun Aug 9 07:42:32 2009
@@ -434,6 +434,19 @@
$(common-objpfx)libc% $(+postinit),$^) \
$(link-extra-libs) $(link-libc) $(+postctor) $(+postinit)
endif
+# Command for linking PIE programs with the C library.
+ifndef +link-pie
++link-pie = $(CC) -pie -Wl,-O1 -nostdlib -nostartfiles -o $@ \
+ $(sysdep-LDFLAGS) $(config-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
+ $(combreloc-LDFLAGS) $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \
+ $(addprefix $(csu-objpfx),S$(start-installed-name)) \
+ $(+preinit) $(+prectorS) \
+ $(filter-out $(addprefix $(csu-objpfx),start.o \
+ S$(start-installed-name))\
+ $(+preinit) $(link-extra-libs) \
+ $(common-objpfx)libc% $(+postinit),$^) \
+ $(link-extra-libs) $(link-libc) $(+postctorS) $(+postinit)
+endif
# Command for statically linking programs with the C library.
ifndef +link-static
+link-static = $(CC) -nostdlib -nostartfiles -static -o $@ \
@@ -538,6 +551,9 @@
+postinit = $(addprefix $(csu-objpfx),crtn.o)
+prector = `$(CC) --print-file-name=crtbegin.o`
+postctor = `$(CC) --print-file-name=crtend.o`
+# Variants of the two previous definitions for linking PIE programs.
++prectorS = `$(CC) --print-file-name=crtbeginS.o`
++postctorS = `$(CC) --print-file-name=crtendS.o`
+interp = $(addprefix $(elf-objpfx),interp.os)
endif
csu-objpfx = $(common-objpfx)csu/
Modified: branches/eglibc-2_10/libc/elf/Makefile
==============================================================================
--- branches/eglibc-2_10/libc/elf/Makefile (original)
+++ branches/eglibc-2_10/libc/elf/Makefile Sun Aug 9 07:42:32 2009
@@ -841,14 +841,7 @@
$< > $@
$(objpfx)tst-pie1: $(objpfx)tst-pie1.o $(objpfx)tst-piemod1.so
- $(LINK.o) -pie -Wl,-O1 \
- $(sysdep-LDFLAGS) $(config-LDFLAGS) \
- $(extra-B-$(@F:lib%.so=%).so) -B$(csu-objpfx) \
- $(extra-B-$(@F:lib%.so=%).so) $(load-map-file) \
- $(LDFLAGS) $(LDFLAGS-$(@F)) \
- -L$(subst :, -L,$(rpath-link)) -Wl,-rpath-link=$(rpath-link) \
- -o $@ $(objpfx)tst-pie1.o $(objpfx)tst-piemod1.so \
- $(common-objpfx)libc_nonshared.a
+ $(+link-pie)
generated += tst-pie1 tst-pie1.out tst-pie1.o
endif
Modified: branches/eglibc-2_10/libc/login/Makefile
==============================================================================
--- branches/eglibc-2_10/libc/login/Makefile (original)
+++ branches/eglibc-2_10/libc/login/Makefile Sun Aug 9 07:42:32 2009
@@ -1,4 +1,4 @@
-# Copyright (C) 1996-1998,2000-2002,2003,2007 Free Software Foundation, Inc.
+# Copyright (C) 1996-1998,2000-2003,2007, 2009 Free Software Foundation, Inc.
# This file is part of the GNU C Library.
# The GNU C Library is free software; you can redistribute it and/or
@@ -58,6 +58,24 @@
$(resolvobjdir)/libresolv.a $(common-objpfx)libc.a
endif
+ifeq (yesyes,$(have-fpie)$(build-shared))
+pt_chown-cflags += $(pie-ccflag)
+endif
+ifeq (yes,$(have-ssp))
+pt_chown-cflags += -fstack-protector
+endif
+ifeq (yes,$(have-libcap))
+libcap = -lcap
+endif
+CFLAGS-pt_chown.c = $(pt_chown-cflags)
+LDLIBS-pt_chown = $(libcap)
+ifeq (yesyes,$(have-fpie)$(build-shared))
+LDFLAGS-pt_chown = -Wl,-z,now
+
+$(objpfx)pt_chown: $(objpfx)pt_chown.o
+ $(+link-pie)
+endif
+
# pt_chown needs to be setuid root.
$(inst_libexecdir)/pt_chown: $(objpfx)pt_chown $(+force)
$(make-target-directory)
Modified: branches/eglibc-2_10/libc/login/programs/pt_chown.c
==============================================================================
--- branches/eglibc-2_10/libc/login/programs/pt_chown.c (original)
+++ branches/eglibc-2_10/libc/login/programs/pt_chown.c Sun Aug 9 07:42:32 2009
@@ -29,6 +29,10 @@
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
+#ifdef HAVE_LIBCAP
+# include <sys/capability.h>
+# include <sys/prctl.h>
+#endif
#include "pty-private.h"
@@ -99,7 +103,7 @@
do_pt_chown (void)
{
char *pty;
- struct stat st;
+ struct stat64 st;
struct group *p;
gid_t gid;
@@ -110,7 +114,7 @@
/* Check that the returned slave pseudo terminal is a
character device. */
- if (stat (pty, &st) < 0 || !S_ISCHR(st.st_mode))
+ if (stat64 (pty, &st) < 0 || !S_ISCHR (st.st_mode))
return FAIL_EINVAL;
/* Get the group ID of the special `tty' group. */
@@ -135,16 +139,43 @@
main (int argc, char *argv[])
{
uid_t euid = geteuid ();
+ uid_t uid = getuid ();
int remaining;
- /* Normal invocation of this program is with no arguments and
- with privileges.
- FIXME: Should use capable (CAP_CHOWN|CAP_FOWNER). */
if (argc == 1 && euid == 0)
- return do_pt_chown ();
+ {
+#ifdef HAVE_LIBCAP
+ /* Drop privileges. */
+ if (uid != euid)
+ {
+ static const cap_value_t cap_list[] =
+ { CAP_CHOWN, CAP_FOWNER };
+# define ncap_list (sizeof (cap_list) / sizeof (cap_list[0]))
+ cap_t caps = cap_init ();
+ if (caps == NULL)
+ error (FAIL_ENOMEM, errno,
+ _("Failed to initialize drop of capabilities"));
+
+ /* There is no reason why these should not work. */
+ cap_set_flag (caps, CAP_PERMITTED, ncap_list, cap_list, CAP_SET);
+ cap_set_flag (caps, CAP_EFFECTIVE, ncap_list, cap_list, CAP_SET);
+
+ int res = cap_set_proc (caps);
+
+ cap_free (caps);
+
+ if (__builtin_expect (res != 0, 0))
+ error (FAIL_EXEC, errno, _("cap_set_proc failed"));
+ }
+#endif
+
+ /* Normal invocation of this program is with no arguments and
+ with privileges. */
+ return do_pt_chown ();
+ }
/* We aren't going to be using privileges, so drop them right now. */
- setuid (getuid ());
+ setuid (uid);
/* Set locale via LC_ALL. */
setlocale (LC_ALL, "");
Modified: branches/eglibc-2_10/libc/nscd/Makefile
==============================================================================
--- branches/eglibc-2_10/libc/nscd/Makefile (original)
+++ branches/eglibc-2_10/libc/nscd/Makefile Sun Aug 9 07:42:32 2009
@@ -1,5 +1,4 @@
-# Copyright (C) 1998,2000,2002,2003,2004,2005,2006,2007,2008
-# Free Software Foundation, Inc.
+# Copyright (C) 1998,2000,2002-2009 Free Software Foundation, Inc.
# This file is part of the GNU C Library.
# The GNU C Library is free software; you can redistribute it and/or
@@ -137,13 +136,7 @@
relro-LDFLAGS += -Wl,-z,now
$(objpfx)nscd: $(addprefix $(objpfx),$(nscd-modules:=.o))
- $(LINK.o) -pie -Wl,-O1 $(nscd-cflags) \
- $(sysdep-LDFLAGS) $(config-LDFLAGS) $(relro-LDFLAGS) \
- $(extra-B-$(@F:lib%.so=%).so) -B$(csu-objpfx) \
- $(extra-B-$(@F:lib%.so=%).so) $(load-map-file) \
- $(LDFLAGS) $(LDFLAGS-$(@F)) \
- -L$(subst :, -L,$(rpath-link)) -Wl,-rpath-link=$(rpath-link) \
- -o $@ $^ $(LDLIBS-nscd) $(common-objpfx)libc_nonshared.a
+ $(+link-pie)
endif
# This makes sure -DNOT_IN_libc is passed for all these modules.
Modified: branches/eglibc-2_10/libc/sysdeps/generic/pty-private.h
==============================================================================
--- branches/eglibc-2_10/libc/sysdeps/generic/pty-private.h (original)
+++ branches/eglibc-2_10/libc/sysdeps/generic/pty-private.h Sun Aug 9 07:42:32 2009
@@ -1,5 +1,5 @@
/* Internal defenitions and declarations for pseudo terminal functions.
- Copyright (C) 1998, 1999 Free Software Foundation, Inc.
+ Copyright (C) 1998, 1999, 2009 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Zack Weinberg <zack@xxxxxxxxxxxxxxxxxxxxxx>, 1998.
@@ -39,7 +39,8 @@
FAIL_EBADF = 1,
FAIL_EINVAL,
FAIL_EACCES,
- FAIL_EXEC
+ FAIL_EXEC,
+ FAIL_ENOMEM
};
#endif /* pty-private.h */
Modified: branches/eglibc-2_10/libc/sysdeps/unix/grantpt.c
==============================================================================
--- branches/eglibc-2_10/libc/sysdeps/unix/grantpt.c (original)
+++ branches/eglibc-2_10/libc/sysdeps/unix/grantpt.c Sun Aug 9 07:42:32 2009
@@ -185,7 +185,7 @@
if (!WIFEXITED (w))
__set_errno (ENOEXEC);
else
- switch (WEXITSTATUS(w))
+ switch (WEXITSTATUS (w))
{
case 0:
retval = 0;
@@ -202,6 +202,9 @@
case FAIL_EXEC:
__set_errno (ENOEXEC);
break;
+ case FAIL_ENOMEM:
+ __set_errno (ENOMEM);
+ break;
default:
assert(! "getpt: internal error: invalid exit code from pt_chown");