Date: Thu, 5 Feb 2009 23:33:32 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 157244 for review Message-ID: <200902052333.n15NXWY9026462@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=157244 Change 157244 by rwatson@rwatson_freebsd_capabilities on 2009/02/05 23:32:56 When running in a sandbox, don't allow the use of shared objects named with absolute paths, as the proxed library service won't allow that. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf/rtld.c#9 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf/rtld.c#9 (text+ko) ==== @@ -1024,12 +1024,16 @@ char *name; if (strchr(xname, '/') != NULL) { /* Hard coded pathname */ +#ifndef IN_RTLD_CAP if (xname[0] != '/' && !trust) { +#endif _rtld_error("Absolute pathname required for shared object \"%s\"", xname); return NULL; +#ifndef IN_RTLD_CAP } return xstrdup(xname); +#endif } if (libmap_disable || (refobj == NULL) ||
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200902052333.n15NXWY9026462>