author: jdp <jdp@FreeBSD.org> 2000-12-17 18:50:56 +0000
committer: jdp <jdp@FreeBSD.org> 2000-12-17 18:50:56 +0000
commit: 807299d24dd25cba6b4cd3c262ebcafe65e51882 (patch)
tree: a6935f5eb314c71195b358cc3db4ee4c9e36a2af /sbin/ldconfig
parent: 06048bef5e8a92421284032c19c4057cd1448538 (diff)
Extend the ldconfig security check so that it ignores group-writable
directories in addition to world-writable directories. As before,
this check can be disabled with the "-i" option, which in turn can
be made the default for boot-up by setting "ldconfig_insecure=YES"
in "/etc/rc.conf".

Also fix an mdoc nit in the manual page.

Submitted by: Maxime Henrion <mux@qualys.com>
Diffstat (limited to 'sbin/ldconfig')
-rw-r--r-- sbin/ldconfig/elfhints.c 4
-rw-r--r-- sbin/ldconfig/ldconfig.8 6
2 files changed, 8 insertions, 2 deletions
diff --git a/sbin/ldconfig/elfhints.c b/sbin/ldconfig/elfhints.c
index 7e5c8e5..8dd1354 100644
--- a/sbin/ldconfig/elfhints.c
+++ b/sbin/ldconfig/elfhints.c
@@ -74,6 +74,10 @@ add_dir(const char *hintsfile, const char *name, int trusted)
warnx("%s: ignoring world-writable directory", name);
return;
}
+ if ((stbuf.st_mode & S_IWGRP) != 0) {
+ warnx("%s: ignoring group-writable directory", name);
+ return;
+ }
}
for (i = 0; i < ndirs; i++)
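Review bot: the new test `(stbuf.st_mode & S_IWGRP) != 0` rejects a directory on the mode bit alone and never looks at `stbuf.st_gid`, so a directory whose owning group has no members besides root is skipped exactly like one writable by an arbitrary group. If that strictness is intended, a short comment above the check saying so would help; the rationale is that anyone who can write to a hinted directory can place a shared library there that the runtime linker will later load into other programs. Directories that were accepted before are now dropped with only a `warnx`, so the behaviour change deserves a note for administrators who depend on group-writable library directories and will need `-i` or `ldconfig_insecure=YES`.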
diff --git a/sbin/ldconfig/ldconfig.8 b/sbin/ldconfig/ldconfig.8
index 85746da..307b081 100644
--- a/sbin/ldconfig/ldconfig.8
+++ b/sbin/ldconfig/ldconfig.8
@@ -61,9 +61,11 @@ line. Blank lines and lines starting with the comment character
.Ql \&#
are ignored.
.Pp
-For security reasons, directories which are world-writable or which
+For security reasons, directories which are world or group-writable or which
are not owned by root produce warning messages and are skipped, unless
-the -i option is present.
+the
+.Fl i
+option is present.
.Pp
The shared libraries which are found will be automatically available for loading
if needed by the program being prepared for execution.
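Review bot: in the added line "directories which are world or group-writable", the hyphen binds only to "group", so the phrase reads as "world" or "group-writable"; write "world-writable or group-writable" (or "world- or group-writable"). The `.Fl i` conversion is correct. The diffstat lists these six lines as the only change to ldconfig.8, so the page's `.Dd` date is left as it was even though the documented behaviour changes; consider bumping it in the same commit.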