From 807299d24dd25cba6b4cd3c262ebcafe65e51882 Mon Sep 17 00:00:00 2001 From: jdp Date: Sun, 17 Dec 2000 18:50:56 +0000 Subject: Extend the ldconfig security check so that it ignores group-writable directories in addition to world-writable directories. As before, this check can be disabled with the "-i" option, which in turn can be made the default for boot-up by setting "ldconfig_insecure=YES" in "/etc/rc.conf". Also fix an mdoc nit in the manual page. Submitted by: Maxime Henrion --- sbin/ldconfig/elfhints.c | 4 ++++ sbin/ldconfig/ldconfig.8 | 6 ++++-- 2 files changed, 8 insertions(+), 2 deletions(-) (limited to 'sbin/ldconfig') diff --git a/sbin/ldconfig/elfhints.c b/sbin/ldconfig/elfhints.c index 7e5c8e5..8dd1354 100644 --- a/sbin/ldconfig/elfhints.c +++ b/sbin/ldconfig/elfhints.c @@ -74,6 +74,10 @@ add_dir(const char *hintsfile, const char *name, int trusted) warnx("%s: ignoring world-writable directory", name); return; } + if ((stbuf.st_mode & S_IWGRP) != 0) { + warnx("%s: ignoring group-writable directory", name); + return; + } } for (i = 0; i < ndirs; i++) diff --git a/sbin/ldconfig/ldconfig.8 b/sbin/ldconfig/ldconfig.8 index 85746da..307b081 100644 --- a/sbin/ldconfig/ldconfig.8 +++ b/sbin/ldconfig/ldconfig.8 @@ -61,9 +61,11 @@ line. Blank lines and lines starting with the comment character .Ql \&# are ignored. .Pp -For security reasons, directories which are world-writable or which +For security reasons, directories which are world or group-writable or which are not owned by root produce warning messages and are skipped, unless -the -i option is present. +the +.Fl i +option is present. .Pp The shared libraries which are found will be automatically available for loading if needed by the program being prepared for execution. -- cgit v1.1
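Review bot: In the elfhints.c hunk, the new `(stbuf.st_mode & S_IWGRP) != 0` test in add_dir() rejects a directory on the mode bit alone and never looks at which group owns it, so a directory writable only by a tightly held administrative group is skipped like any other. If that is the intended policy, a one-line comment above the test saying so would save the next reader the question. Because this extends a check that existing systems already pass, directories that were accepted before will now be dropped; consider having the warnx() text mention that "-i" overrides the check so the administrator reading the warning knows the way out.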
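Review bot: In the ldconfig.8 hunk, the new phrase "world or group-writable" needs a suspended hyphen ("world- or group-writable") to stay parallel with the original "world-writable". The paragraph also documents only the `.Fl i` override, while the commit message names "ldconfig_insecure=YES" in /etc/rc.conf as the way to make that the boot-time default; a sentence or cross-reference for that setting here would let an administrator whose directories are skipped at boot find it from this page.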