From mboxrd@z Thu Jan 1 00:00:00 1970 From: nils.carlson@ericsson.com (Nils Carlson) Date: Thu, 30 Sep 2010 12:18:52 +0200 (CEST) Subject: [ltt-dev] [PATCH UST] Fix insecure library loading (Debian Bug #598309, CVE-2010-3386) In-Reply-To: <20100929150622.GA6625@Krystal> References: <20100929132755.GA20790@starquasia> <20100929150622.GA6625@Krystal> Message-ID: Comments below. On Wed, 29 Sep 2010, Mathieu Desnoyers wrote: > Thanks to Raphael Geissert for spotting this, and to Jon Bernard for forwarding > the information to us. > > Signed-off-by: Mathieu Desnoyers > CC: Raphael Geissert > CC: Jon Bernard > --- > usttrace | 47 +++++++++++++++++++++++++++++++++++++---------- > 1 file changed, 37 insertions(+), 10 deletions(-) > > Index: ust/usttrace > =================================================================== > --- ust.orig/usttrace > +++ ust/usttrace > @@ -132,27 +132,54 @@ fi > > if [ "$arg_preload_libust" = "1" ]; > then > - if [ -n "${LIBUST_PATH%libust.so}" ] ; then > - export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${LIBUST_PATH%libust.so}" > + if [ -n "${LIBUST_PATH%libust.so}" ]; > + then > + if [ -n "$LD_LIBRARY_PATH" ]; > + then > + export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${LIBUST_PATH%libust.so}" > + else > + export LD_LIBRARY_PATH="${LIBUST_PATH%libust.so}" > + fi > + fi > + if [ -n "$LIBUST_PATH" ]; > + then > + if [ -n "$LD_PRELOAD" ]; > + then > + export LD_PRELOAD="$LD_PRELOAD:$LIBUST_PATH" > + else > + export LD_PRELOAD="$LIBUST_PATH" > + fi > fi > - export LD_PRELOAD="$LD_PRELOAD:$LIBUST_PATH" > fi > > - if [ "$arg_ld_std_ust" = "1" ]; > + if [ "$arg_ld_std_ust" = "1" ] && [ -n "${LIBUST_PATH%libust.so}" ]; > then > - if [ -n "$${LIBUST_PATH%libust.so}" ] ; then > - export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${LIBUST_PATH%libust.so}" > + if [ -n "$LD_LIBRARY_PATH" ]; > + then > + export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${LIBUST_PATH%libust.so}" > + else > + export LD_LIBRARY_PATH="${LIBUST_PATH%libust.so}" > fi > fi > > - if [ "$arg_preload_malloc" = "1" ]; > + if [ "$arg_preload_malloc" = "1" ] && [ -n $LIBMALLOCWRAP_PATH ]; All -n tests have to be in "", otherwise they will pass even though the string is empty. > then > - export LD_PRELOAD="$LD_PRELOAD:$LIBMALLOCWRAP_PATH" > + if [ -n "$LD_PRELOAD" ]; > + then > + export LD_PRELOAD="$LD_PRELOAD:$LIBMALLOCWRAP_PATH" > + else > + export LD_PRELOAD="$LIBMALLOCWRAP_PATH" > + fi > fi > > - if [ "$arg_preload_fork" = "1" ]; > + if [ "$arg_preload_fork" = "1" ] && [ -n $LIBINTERFORK_PATH ]; Same here. > then > - export LD_PRELOAD="$LD_PRELOAD:$LIBINTERFORK_PATH" > + if [ -n "$LD_PRELOAD" ]; > + then > + export LD_PRELOAD="$LD_PRELOAD:$LIBINTERFORK_PATH" > + else > + export LD_PRELOAD="$LIBINTERFORK_PATH" > + fi > fi > Looks good otherwise! /Nils > # Execute the command > > -- > Mathieu Desnoyers > Operating System Efficiency R&D Consultant > EfficiOS Inc. > http://www.efficios.com > > _______________________________________________ > ltt-dev mailing list > ltt-dev at lists.casi.polymtl.ca > http://lists.casi.polymtl.ca/cgi-bin/mailman/listinfo/ltt-dev >