This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.



GNU C Library master sources branch, release/2.10/master, updated. glibc-2.10.1-68-gc87c885


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, release/2.10/master has been updated
       via  c87c885303b406c5f636841b8289425062f3c7c6 (commit)
       via  a7800930627c2ee5d4d3b373f62c897e0c321c19 (commit)
       via  a584fc6a6b81183ed6ce1724237c6744cdd6559e (commit)
      from  c97164f05ba8fa5d2ebf30f1c2de083bc1ead1e1 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sources.redhat.com/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c87c885303b406c5f636841b8289425062f3c7c6

commit c87c885303b406c5f636841b8289425062f3c7c6
Author: Ulrich Drepper <drepper@redhat.com>
Date:   Tue Jun 16 20:46:42 2009 -0700

    Build pt_chown as PIE.
    (cherry picked from commit f051ddfe22d3db4e77d6a545d5363be8b986cb96)

diff --git a/ChangeLog b/ChangeLog
index a714c3e..ec8c64a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
 2009-06-16  Ulrich Drepper  <drepper@redhat.com>
 
+	* login/Makefile: Build pt_chown as PIE.
+
+2009-06-16  Ulrich Drepper  <drepper@redhat.com>
+
 	* login/Makefile: If necessary link pt_chown with -lcap.
 
 2009-06-02  H.J. Lu  <hongjiu.lu@intel.com>
diff --git a/login/Makefile b/login/Makefile
index 427c050..beb2a5c 100644
--- a/login/Makefile
+++ b/login/Makefile
@@ -54,10 +54,23 @@ otherlibs += $(nssobjdir)/libnss_files.a $(resolvobjdir)/libnss_dns.a \
 	     $(resolvobjdir)/libresolv.a $(common-objpfx)libc.a
 endif
 
+ifeq (yesyes,$(have-fpie)$(build-shared))
+pt_chown-cflags += $(pie-ccflag)
+endif
+ifeq (yes,$(have-ssp))
+pt_chown-cflags += -fstack-protector
+endif
 ifeq (yes,$(have-libcap))
 libcap = -lcap
 endif
+CFLAGS-pt_chown.c = $(pt_chown-cflags)
 LDLIBS-pt_chown = $(libcap)
+ifeq (yesyes,$(have-fpie)$(build-shared))
+LDFLAGS-pt_chown = -Wl,-z,now
+
+$(objpfx)pt_chown: $(objpfx)pt_chown.o
+	$(+link-pie)
+endif
 
 # pt_chown needs to be setuid root.
 $(inst_libexecdir)/pt_chown: $(objpfx)pt_chown $(+force)
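Review bot: `LDFLAGS-pt_chown = -Wl,-z,now` sits inside the `ifeq (yesyes,$(have-fpie)$(build-shared))` block, so a build without PIE support links this setuid-root helper with lazy binding, although immediate binding does not depend on PIE. Assuming the default link rule also honours `LDFLAGS-$(@F)` (it is only partly visible on this page), the assignment could move above the conditional so that only the explicit `$(+link-pie)` rule stays guarded. A short comment before the new lines would also help, for example `# pt_chown is installed setuid root: build it with PIE, stack protector and immediate binding where available.`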

http://sources.redhat.com/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a7800930627c2ee5d4d3b373f62c897e0c321c19

commit a7800930627c2ee5d4d3b373f62c897e0c321c19
Author: Ulrich Drepper <drepper@redhat.com>
Date:   Tue Jun 16 15:58:07 2009 -0700

    Extend pt_chown to drop privileges.
    
    If libcap is available, use it to drop privileges in pt_chown before
    starting the work to change the permissions and ownership of the
    slave device.
    (cherry picked from commit f793b62438a3cfdbcc5ba453eebee1db3f315bea)

diff --git a/ChangeLog b/ChangeLog
index cee59c1..a714c3e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2009-06-16  Ulrich Drepper  <drepper@redhat.com>
+
+	* login/Makefile: If necessary link pt_chown with -lcap.
+
 2009-06-02  H.J. Lu  <hongjiu.lu@intel.com>
 
 	* Makeconfig (+link-pie): Define.
diff --git a/login/Makefile b/login/Makefile
index b02d385..427c050 100644
--- a/login/Makefile
+++ b/login/Makefile
@@ -1,4 +1,4 @@
-# Copyright (C) 1996-1998,2000-2002,2003,2007 Free Software Foundation, Inc.
+# Copyright (C) 1996-1998,2000-2003,2007, 2009 Free Software Foundation, Inc.
 # This file is part of the GNU C Library.
 
 # The GNU C Library is free software; you can redistribute it and/or
@@ -54,6 +54,11 @@ otherlibs += $(nssobjdir)/libnss_files.a $(resolvobjdir)/libnss_dns.a \
 	     $(resolvobjdir)/libresolv.a $(common-objpfx)libc.a
 endif
 
+ifeq (yes,$(have-libcap))
+libcap = -lcap
+endif
+LDLIBS-pt_chown = $(libcap)
+
 # pt_chown needs to be setuid root.
 $(inst_libexecdir)/pt_chown: $(objpfx)pt_chown $(+force)
 	$(make-target-directory)
diff --git a/login/programs/pt_chown.c b/login/programs/pt_chown.c
index 485edda..9544653 100644
--- a/login/programs/pt_chown.c
+++ b/login/programs/pt_chown.c
@@ -29,6 +29,10 @@
 #include <string.h>
 #include <sys/stat.h>
 #include <unistd.h>
+#ifdef HAVE_LIBCAP
+# include <sys/capability.h>
+# include <sys/prctl.h>
+#endif
 
 #include "pty-private.h"
 
@@ -99,7 +103,7 @@ static int
 do_pt_chown (void)
 {
   char *pty;
-  struct stat st;
+  struct stat64 st;
   struct group *p;
   gid_t gid;
 
@@ -110,7 +114,7 @@ do_pt_chown (void)
 
   /* Check that the returned slave pseudo terminal is a
      character device.  */
-  if (stat (pty, &st) < 0 || !S_ISCHR(st.st_mode))
+  if (stat64 (pty, &st) < 0 || !S_ISCHR (st.st_mode))
     return FAIL_EINVAL;
 
   /* Get the group ID of the special `tty' group.  */
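Review bot: The check `stat64 (pty, &st) < 0 || !S_ISCHR (st.st_mode)` validates the slave by name and accepts any character device, which is thin for a setuid-root helper; the matching `struct stat64 st` declaration is in the previous hunk. If the ownership and mode changes later in do_pt_chown, outside this hunk, also go by path, the name is trusted twice without being tied to the descriptor the caller passed. I would at least record the assumption next to the check, e.g. `/* PTY is trusted to name the slave of our descriptor; only its file type is verified here.  */`. A few words on why `stat64` replaces `stat` would also help (presumably so that large inode or device numbers do not make the call fail). do_pt_chown starts before and continues after the hunk.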
@@ -135,16 +139,43 @@ int
 main (int argc, char *argv[])
 {
   uid_t euid = geteuid ();
+  uid_t uid = getuid ();
   int remaining;
 
-  /* Normal invocation of this program is with no arguments and
-     with privileges.
-     FIXME: Should use capable (CAP_CHOWN|CAP_FOWNER).  */
   if (argc == 1 && euid == 0)
-    return do_pt_chown ();
+    {
+#ifdef HAVE_LIBCAP
+  /* Drop privileges.  */
+      if (uid != euid)
+	{
+	  static const cap_value_t cap_list[] =
+	    { CAP_CHOWN, CAP_FOWNER	};
+# define ncap_list (sizeof (cap_list) / sizeof (cap_list[0]))
+	  cap_t caps = cap_init ();
+	  if (caps == NULL)
+	    error (FAIL_ENOMEM, errno,
+		   _("Failed to initialize drop of capabilities"));
+
+	  /* There is no reason why these should not work.  */
+	  cap_set_flag (caps, CAP_PERMITTED, ncap_list, cap_list, CAP_SET);
+	  cap_set_flag (caps, CAP_EFFECTIVE, ncap_list, cap_list, CAP_SET);
+
+	  int res = cap_set_proc (caps);
+
+	  cap_free (caps);
+
+	  if (__builtin_expect (res != 0, 0))
+	    error (FAIL_EXEC, errno, _("cap_set_proc failed"));
+	}
+#endif
+
+      /* Normal invocation of this program is with no arguments and
+	 with privileges.  */
+      return do_pt_chown ();
+    }
 
   /* We aren't going to be using privileges, so drop them right now. */
-  setuid (getuid ());
+  setuid (uid);
 
   /* Set locale via LC_ALL.  */
   setlocale (LC_ALL, "");
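Review bot: The result of `setuid (uid)` on the unprivileged path is still ignored, so if the call fails, whatever follows outside this hunk runs with effective uid 0 despite the comment above it; since the commit touches that line, it could become `if (setuid (uid) != 0) return FAIL_EXEC;`. In the privileged branch the two `cap_set_flag` calls are also unchecked: a failure there leaves the set short of CAP_CHOWN/CAP_FOWNER and would only surface later as an unrelated error, so checking them and taking the same `error (FAIL_EXEC, ...)` exit as `cap_set_proc` would be clearer. The drop is skipped when `uid == euid`, and the process keeps effective uid 0 after `cap_set_proc`; a comment saying that both are intended would help. main continues past the end of the hunk.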
diff --git a/sysdeps/generic/pty-private.h b/sysdeps/generic/pty-private.h
index d6ec2ce..493f405 100644
--- a/sysdeps/generic/pty-private.h
+++ b/sysdeps/generic/pty-private.h
@@ -1,5 +1,5 @@
 /* Internal defenitions and declarations for pseudo terminal functions.
-   Copyright (C) 1998, 1999 Free Software Foundation, Inc.
+   Copyright (C) 1998, 1999, 2009 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Zack Weinberg <zack@rabi.phys.columbia.edu>, 1998.
 
@@ -39,7 +39,8 @@ enum  /* failure modes */
   FAIL_EBADF = 1,
   FAIL_EINVAL,
   FAIL_EACCES,
-  FAIL_EXEC
+  FAIL_EXEC,
+  FAIL_ENOMEM
 };
 
 #endif /* pty-private.h  */
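Review bot: `FAIL_ENOMEM` extends an enum whose values double as pt_chown's exit status, and nothing at the definition says so. The `switch (WEXITSTATUS (w))` in sysdeps/unix/grantpt.c ends in an `assert` default, so a code added here without a matching `case` there would trip the assertion in the caller, and would presumably be ignored when assertions are compiled out. This commit adds both sides, but a comment above the enum would keep it that way, e.g. `/* Exit codes of pt_chown; grantpt maps each one to an errno value, keep both in sync.  */`. The enum starts before the hunk.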
diff --git a/sysdeps/unix/grantpt.c b/sysdeps/unix/grantpt.c
index bdedbac..3979784 100644
--- a/sysdeps/unix/grantpt.c
+++ b/sysdeps/unix/grantpt.c
@@ -185,7 +185,7 @@ grantpt (int fd)
       if (!WIFEXITED (w))
 	__set_errno (ENOEXEC);
       else
-	switch (WEXITSTATUS(w))
+	switch (WEXITSTATUS (w))
 	  {
 	  case 0:
 	    retval = 0;
@@ -202,6 +202,9 @@ grantpt (int fd)
 	  case FAIL_EXEC:
 	    __set_errno (ENOEXEC);
 	    break;
+	  case FAIL_ENOMEM:
+	    __set_errno (ENOMEM);
+	    break;
 
 	  default:
 	    assert(! "getpt: internal error: invalid exit code from pt_chown");

http://sources.redhat.com/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a584fc6a6b81183ed6ce1724237c6744cdd6559e

commit a584fc6a6b81183ed6ce1724237c6744cdd6559e
Author: H.J. Lu <hongjiu.lu@intel.com>
Date:   Tue Jun 16 09:19:59 2009 -0700

    Consolidate PIE linking Makefile rules.
    (cherry picked from commit 435aa54b3b9c1c87498e8bb3831394fd42220fa7)

diff --git a/ChangeLog b/ChangeLog
index 7cf44d1..cee59c1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2009-06-02  H.J. Lu  <hongjiu.lu@intel.com>
+
+	* Makeconfig (+link-pie): Define.
+	(+prectorS): Define.
+	(+postctorS): Define.
+	* elf/Makefile ($(objpfx)tst-pie1): Use $(+link-pie).
+	* nscd/Makefile ($(objpfx)nscd): Likewise.
+
 2009-05-22  Jakub Jelinek  <jakub@redhat.com>
 
 	* sysdeps/unix/sysv/linux/accept4.c: Include kernel-features.h.
diff --git a/Makeconfig b/Makeconfig
index 875fb67..9f134cc 100644
--- a/Makeconfig
+++ b/Makeconfig
@@ -434,6 +434,19 @@ ifndef +link
 			   $(common-objpfx)libc% $(+postinit),$^) \
 	      $(link-extra-libs) $(link-libc) $(+postctor) $(+postinit)
 endif
+# Command for linking PIE programs with the C library.
+ifndef +link-pie
++link-pie = $(CC) -pie -Wl,-O1 -nostdlib -nostartfiles -o $@ \
+	     $(sysdep-LDFLAGS) $(config-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
+	     $(combreloc-LDFLAGS) $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \
+	     $(addprefix $(csu-objpfx),S$(start-installed-name)) \
+	     $(+preinit) $(+prectorS) \
+	     $(filter-out $(addprefix $(csu-objpfx),start.o \
+	     S$(start-installed-name))\
+	     $(+preinit) $(link-extra-libs) \
+	     $(common-objpfx)libc% $(+postinit),$^) \
+	     $(link-extra-libs) $(link-libc) $(+postctorS) $(+postinit)
+endif
 # Command for statically linking programs with the C library.
 ifndef +link-static
 +link-static = $(CC) -nostdlib -nostartfiles -static -o $@ \
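Review bot: The comment on `+link-pie` does not say that immediate binding is left to the caller. The rule passes `$(relro-LDFLAGS)` and `$(LDFLAGS-$(@F))` but no `-z now` of its own, and nscd/Makefile adds `-Wl,-z,now` through `relro-LDFLAGS` itself. I would extend the comment, e.g. `# Does not imply -z now; add it via relro-LDFLAGS or LDFLAGS-<program> where wanted.` It is also worth confirming that `$(link-extra-libs)` carries the per-program `LDLIBS` that the replaced nscd rule passed explicitly as `$(LDLIBS-nscd)`; its definition is not visible in this hunk.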
@@ -538,6 +551,9 @@ ifeq ($(elf),yes)
 +postinit = $(addprefix $(csu-objpfx),crtn.o)
 +prector = `$(CC) --print-file-name=crtbegin.o`
 +postctor = `$(CC) --print-file-name=crtend.o`
+# Variants of the two previous definitions for linking PIE programs.
++prectorS = `$(CC) --print-file-name=crtbeginS.o`
++postctorS = `$(CC) --print-file-name=crtendS.o`
 +interp = $(addprefix $(elf-objpfx),interp.os)
 endif
 csu-objpfx = $(common-objpfx)csu/
diff --git a/elf/Makefile b/elf/Makefile
index b2b5a65..208538c 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -833,14 +833,7 @@ $(objpfx)tst-pie1.out: $(objpfx)tst-pie1
 	  $< > $@
 
 $(objpfx)tst-pie1: $(objpfx)tst-pie1.o $(objpfx)tst-piemod1.so
-	$(LINK.o) -pie -Wl,-O1 \
-	  $(sysdep-LDFLAGS) $(config-LDFLAGS) \
-	  $(extra-B-$(@F:lib%.so=%).so) -B$(csu-objpfx) \
-	  $(extra-B-$(@F:lib%.so=%).so) $(load-map-file) \
-	  $(LDFLAGS) $(LDFLAGS-$(@F)) \
-	  -L$(subst :, -L,$(rpath-link)) -Wl,-rpath-link=$(rpath-link) \
-	  -o $@ $(objpfx)tst-pie1.o $(objpfx)tst-piemod1.so \
-	  $(common-objpfx)libc_nonshared.a
+	$(+link-pie)
 
 generated += tst-pie1 tst-pie1.out tst-pie1.o
 endif
diff --git a/nscd/Makefile b/nscd/Makefile
index 364ddfe..4abae8c 100644
--- a/nscd/Makefile
+++ b/nscd/Makefile
@@ -1,5 +1,4 @@
-# Copyright (C) 1998,2000,2002,2003,2004,2005,2006,2007,2008
-#	Free Software Foundation, Inc.
+# Copyright (C) 1998,2000,2002-2009 Free Software Foundation, Inc.
 # This file is part of the GNU C Library.
 
 # The GNU C Library is free software; you can redistribute it and/or
@@ -128,13 +127,7 @@ ifeq (yesyes,$(have-fpie)$(build-shared))
 relro-LDFLAGS += -Wl,-z,now
 
 $(objpfx)nscd: $(addprefix $(objpfx),$(nscd-modules:=.o))
-	$(LINK.o) -pie -Wl,-O1 $(nscd-cflags) \
-	  $(sysdep-LDFLAGS) $(config-LDFLAGS) $(relro-LDFLAGS) \
-	  $(extra-B-$(@F:lib%.so=%).so) -B$(csu-objpfx) \
-	  $(extra-B-$(@F:lib%.so=%).so) $(load-map-file) \
-	  $(LDFLAGS) $(LDFLAGS-$(@F)) \
-	  -L$(subst :, -L,$(rpath-link)) -Wl,-rpath-link=$(rpath-link) \
-	  -o $@ $^ $(LDLIBS-nscd) $(common-objpfx)libc_nonshared.a
+	$(+link-pie)
 endif
 
 # This makes sure -DNOT_IN_libc is passed for all these modules.

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                     |   16 ++++++++++++++
 Makeconfig                    |   16 ++++++++++++++
 elf/Makefile                  |    9 +-------
 login/Makefile                |   20 +++++++++++++++++-
 login/programs/pt_chown.c     |   45 ++++++++++++++++++++++++++++++++++------
 nscd/Makefile                 |   11 +--------
 sysdeps/generic/pty-private.h |    5 ++-
 sysdeps/unix/grantpt.c        |    5 +++-
 8 files changed, 99 insertions(+), 28 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

