author | Ulrich Drepper <drepper@redhat.com> | 1998-05-20 12:09:53 +0000 |
---|---|---|
committer | Ulrich Drepper <drepper@redhat.com> | 1998-05-20 12:09:53 +0000 |
commit | 5b2099edba708940bbd957cc6b408df628b99a6e (patch) | |
tree | d07d54cc9ceb5d75d1188cd052bca36ac7f82024 | |
parent | Call shared object terminators at the right time. (diff) | |
In SUID binaries don't let language part of locale value contain path
elements.
-rw-r--r-- | intl/dcgettext.c | 36 |
1 files changed, 33 insertions, 3 deletions
diff --git a/intl/dcgettext.c b/intl/dcgettext.c index fe7299cda1..2b1d7cad30 100644 --- a/intl/dcgettext.c +++ b/intl/dcgettext.c @@ -1,5 +1,5 @@ /* dcgettext.c -- implementation of the dcgettext(3) function - Copyright (C) 1995, 1996 Free Software Foundation, Inc. + Copyright (C) 1995, 1996, 1998 Free Software Foundation, Inc. This file is part of the GNU C Library. Its master source is NOT part of the C library, however. The master source lives in /gd/gnu/lib. @@ -218,6 +218,24 @@ struct block_list # define DCGETTEXT dcgettext__ #endif +/* Checking whether the binaries runs SUID must be done and glibc provides + easier methods therefore we make a difference here. */ +#ifdef _LIBC +# define ENABLE_SECURE __libc_enable_secure +# define DETERMINE_SECURE +#else +static int enable_secure; +# define ENABLE_SECURE (enable_secure == 1) +# define DETERMINE_SECURE \ + if (enable_secure == 0) \ + { \ + if (getuid () != geteuid () || getgid () != getegid ()) \ + enable_secure = 1; \ + else \ + enable_secure = -1; \ + } +#endif + /* Look up MSGID in the DOMAINNAME message catalog for the current CATEGORY locale. */ char * @@ -242,9 +260,12 @@ DCGETTEXT (domainname, msgid, category) if (msgid == NULL) return NULL; + /* See whether this is a SUID binary or not. */ + DETERMINE_SECURE; + /* If DOMAINNAME is NULL, we are interested in the default domain. If CATEGORY is not LC_MESSAGES this might not make much sense but the - defintion left this undefined. */ + definition left this undefined. */ if (domainname == NULL) domainname = _nl_current_default_domain; @@ -326,7 +347,7 @@ DCGETTEXT (domainname, msgid, category) /* Search for the given string. This is a loop because we perhaps - got an ordered list of languages to consider for th translation. */ + got an ordered list of languages to consider for the translation. */ while (1) { /* Make CATEGORYVALUE point to the next element of the list. */ 
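Review bot: In the non-`_LIBC` branch added by the second hunk (`@@ -218,6 +218,24 @@`), `DETERMINE_SECURE` decides set-ID status only on the first DCGETTEXT call (the call site is in the third hunk) and never re-evaluates it once `enable_secure` is non-zero. A process whose real and effective ids already match at that first call is cached as non-SUID, even if it started with elevated ids and its environment came from the invoking user, so the later path check would be skipped. The macro should at least say so, e.g. `/* Decided once, on first call; a process that changes its ids before then is treated as non-SUID. */`, or the state should be determined at program start, as `__libc_enable_secure` presumably is. Separately, the macro expands to a bare `if` block; wrapping it in `do { ... } while (0)` keeps `DETERMINE_SECURE;` a single statement wherever it is placed.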
@@ -347,6 +368,15 @@ DCGETTEXT (domainname, msgid, category) while (categoryvalue[0] != '\0' && categoryvalue[0] != ':') *cp++ = *categoryvalue++; *cp = '\0'; + + /* When this is a SUID binary we must not allow accessing files + outside the dedicated directories. */ + if (ENABLE_SECURE + && (memchr (single_locale, '/', + _nl_find_language (single_locale) - single_locale) + != NULL)) + /* Ingore this entry. */ + continue; } /* If the current locale value is C (or POSIX) we don't load a |
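Review bot: The slash check in the added `if` scans only the bytes before the pointer returned by `_nl_find_language (single_locale)`, so a `/` later in the same entry (presumably the territory, codeset or modifier part) is not rejected. Whether those parts also reach the catalog file name is not visible in this hunk, but if they do, the restriction for set-ID programs is incomplete. Scanning the whole entry is both simpler and stricter: `if (ENABLE_SECURE && strchr (single_locale, '/') != NULL)`. The comment typo `Ingore` should read `Ignore`. The enclosing loop in DCGETTEXT starts and ends outside the hunk.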