From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <azanella@sourceware.org>
Received: by sourceware.org (Postfix, from userid 1791)
	id E72673858D3C; Tue, 21 Nov 2023 20:49:42 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org E72673858D3C
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org;
	s=default; t=1700599782;
	bh=cVJQdop97XxZKN1gLS6cxMR65GD2fs7KKLvHCIYqCsE=;
	h=From:To:Subject:Date:From;
	b=RWjSFbfG/oJ/yR6NFkML2rE+NUVz5/JaK4N/ho0JGkOZ7PkxUpwbEqQkLXQ3rXKhe
	 /xHewwa7mE7dYv2QRVx3Xxj+oLJVdOPiKEvU/FlCEevdRQT0F43uGxj7AB3kQpdd+o
	 UR8GCsJSKM395XhCCrjRygp4YMgQ6GZP5Lqn/k5o=
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Adhemerval Zanella <azanella@sourceware.org>
To: glibc-cvs@sourceware.org
Subject: [glibc] elf: Add comments on how LD_AUDIT and LD_PRELOAD handle
 __libc_enable_secure
X-Act-Checkin: glibc
X-Git-Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
X-Git-Refname: refs/heads/master
X-Git-Oldrev: 5451fa962cd0a90a0e2ec1d8910a559ace02bba0
X-Git-Newrev: 780c33920281c5d5cc42a1e578bdc9218e675405
Message-Id: <20231121204942.E72673858D3C@sourceware.org>
Date: Tue, 21 Nov 2023 20:49:42 +0000 (GMT)
List-Id: <glibc-cvs.sourceware.org>

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=780c33920281c5d5cc42a1e578bdc9218e675405

commit 780c33920281c5d5cc42a1e578bdc9218e675405
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date:   Mon Nov 6 17:25:50 2023 -0300

    elf: Add comments on how LD_AUDIT and LD_PRELOAD handle __libc_enable_secure
    
    To make explicit why __libc_enable_secure is not checked.
    Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

Diff:
---
 elf/rtld.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/elf/rtld.c b/elf/rtld.c
index 7d4c843e7e..0553c05edb 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -2561,6 +2561,10 @@ process_envvars (struct dl_main_state *state)
 	      process_dl_debug (state, &envline[6]);
 	      break;
 	    }
+	  /* For __libc_enable_secure mode, audit pathnames containing slashes
+	     are ignored.  Also, shared audit objects are only loaded only from
+	     the standard search directories and only if they have set-user-ID
+	     mode bit enabled.  */
 	  if (memcmp (envline, "AUDIT", 5) == 0)
 	    audit_list_add_string (&state->audit_list, &envline[6]);
 	  break;
@@ -2573,7 +2577,10 @@ process_envvars (struct dl_main_state *state)
 	      break;
 	    }
 
-	  /* List of objects to be preloaded.  */
+	  /* For __libc_enable_secure mode, preload pathnames containing slashes
+	     are ignored.  Also, shared objects are only preloaded from the
+	     standard search directories and only if they have set-user-ID mode
+	     bit enabled.  */
 	  if (memcmp (envline, "PRELOAD", 7) == 0)
 	    {
 	      state->preloadlist = &envline[8];