git: d81f999ac223 - main - rtld direct exec: add option to ignore LD_ variables

Wed Jun 2 21:56:04 UTC 2021

On Wed, Jun 02, 2021 at 10:00:13PM +0100, Alexander Richardson wrote:
> On Sat, 29 May 2021 at 15:59, Konstantin Belousov <kib at freebsd.org> wrote:
> >
> > The branch main has been updated by kib:
> >
> > URL: https://cgit.FreeBSD.org/src/commit/?id=d81f999ac22342789f2b3e21206d83d410be4df3
> >
> > commit d81f999ac22342789f2b3e21206d83d410be4df3
> > Author:     Konstantin Belousov <kib at FreeBSD.org>
> > AuthorDate: 2021-05-28 23:59:07 +0000
> > Commit:     Konstantin Belousov <kib at FreeBSD.org>
> > CommitDate: 2021-05-29 14:59:09 +0000
> >
> >     rtld direct exec: add option to ignore LD_ variables
> >
> >     Sponsored by:   The FreeBSD Foundation
> >     MFC after:      1 week
> > ---
> >  libexec/rtld-elf/rtld.1 | 10 +++++++++-
> >  libexec/rtld-elf/rtld.c |  3 +++
> >  2 files changed, 12 insertions(+), 1 deletion(-)
> >
> > diff --git a/libexec/rtld-elf/rtld.1 b/libexec/rtld-elf/rtld.1
> > index 7f633ce0b486..16466c7a853e 100644
> > --- a/libexec/rtld-elf/rtld.1
> > +++ b/libexec/rtld-elf/rtld.1
> > @@ -28,7 +28,7 @@
> >  .\"
> >  .\" $FreeBSD$
> >  .\"
> > -.Dd March 24, 2021
> > +.Dd May 29, 2021
> >  .Dt RTLD 1
> >  .Os
> >  .Sh NAME
> > @@ -131,6 +131,7 @@ all the environment variables listed below, but is being prefixed with
> >  .Ev LD_32_ ,
> >  for example:
> >  .Ev LD_32_TRACE_LOADED_OBJECTS .
> > +If the activated image is setuid or setgid, the variables are ignored.
> >  .Bl -tag -width ".Ev LD_LIBMAP_DISABLE"
> >  .It Ev LD_DUMP_REL_POST
> >  If set,
> > @@ -313,6 +314,8 @@ The syntax of the direct invocation is
> >  .Op Fl b Ar exe
> >  .Op Fl f Ar fd
> >  .Op Fl p
> > +.Op Fl t
> > +.Op Fl v
> >  .Op Fl -
> >  .Pa image_path
> >  .Op Ar image arguments
> > @@ -353,6 +356,11 @@ character,
> >  uses the search path provided by the environment variable
> >  .Dv PATH
> >  to find the binary to execute.
> > +.It Fl t
> > +Ignore all
> > +.Ev LD_
> > +environment variables that otherwise affect the dynamic
> > +linker behavior.
> >  .It Fl v
> >  Display information about this run-time linker binary, then exit.
> >  .It Fl -
> > diff --git a/libexec/rtld-elf/rtld.c b/libexec/rtld-elf/rtld.c
> > index 75c502e8cc85..a517de83b8f5 100644
> > --- a/libexec/rtld-elf/rtld.c
> > +++ b/libexec/rtld-elf/rtld.c
> > @@ -5793,6 +5793,8 @@ parse_args(char* argv[], int argc, bool *use_pathp, int *fdp,
> >                                 break;
> >                         } else if (opt == 'p') {
> >                                 *use_pathp = true;
> > +                       } else if (opt == 't') {
> > +                               trust = false;
> 
> Hi,
> 
> In CheriBSD I used the -t flag to set ld_tracing = "yes" (we used this
> in ldd). I've been meaning to submit this as a review, but haven't got
> around to it yet. How do you feel about using "-u" for "untrusted" or
> "-i" for "ignore" here instead of "-t"?

I am fine with renaming it to -u.  I will do it slightly later.