PERFORCE change 157244 for review
Robert Watson
rwatson at FreeBSD.org
Thu Feb 5 15:33:34 PST 2009
http://perforce.freebsd.org/chv.cgi?CH=157244
Change 157244 by rwatson at rwatson_freebsd_capabilities on 2009/02/05 23:32:56
When running in a sandbox, don't allow the use of shared objects
named with absolute paths, as the proxed library service won't
allow that.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf/rtld.c#9 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf/rtld.c#9 (text+ko) ====
@@ -1024,12 +1024,16 @@
char *name;
if (strchr(xname, '/') != NULL) { /* Hard coded pathname */
+#ifndef IN_RTLD_CAP
if (xname[0] != '/' && !trust) {
+#endif
_rtld_error("Absolute pathname required for shared object \"%s\"",
xname);
return NULL;
+#ifndef IN_RTLD_CAP
}
return xstrdup(xname);
+#endif
}
if (libmap_disable || (refobj == NULL) ||
More information about the p4-projects
mailing list