Commit Graph

6 Commits

Author SHA1 Message Date
John Polstra
4c6616fc3e Extend the ldconfig security check so that it ignores group-writable
directories in addition to world-writable directories.  As before,
this check can be disabled with the "-i" option, which in turn can
be made the default for boot-up by setting "ldconfig_insecure=YES"
in "/etc/rc.conf".

Also fix an mdoc nit in the manual page.

Submitted by:	Maxime Henrion <mux@qualys.com>
2000-12-17 18:50:56 +00:00
John Polstra
643dcf40ee Add a "-i" option ("insecure") which disables the checks for
root ownership, etc.  I will soon commit a companion knob for
"/etc/rc.conf".

Submitted by:	Maxime Henrion <mhenrion@cybercable.fr>
2000-08-07 19:12:04 +00:00
John Polstra
fa0c86aadc If a directory is world-writable or is not owned by root, skip it
and emit a warning.  This is a security measure since ldconfig
influences the shared libraries used by all programs.

I think the check should be made even more stringent by also
ignoring group-writable directories.  I will make that change soon
unless we encounter a good reason not to do it.

Submitted by:	Maxime Henrion <mhenrion@cybercable.fr>
2000-07-26 04:47:17 +00:00
John Polstra
2621949f6f If a directory on the command line doesn't exist, warn about it
and proceed rather than quitting with a fatal error message.

PR:		bin/16056
Submitted by:	Philipp Mergenthaler <un1i@rz.uni-karlsruhe.de>
2000-01-21 02:15:27 +00:00
Peter Wemm
7f3dea244c $Id$ -> $FreeBSD$ 1999-08-28 00:22:10 +00:00
John Polstra
a565ca5920 Implement ldconfig functionality for ELF. The hints are stored in
a different file than the a.out hints, namely, "/var/run/ld-elf.so.hints".
These hints consist only of the directory search path.  There is
no hash table as in the a.out hints, because ELF doesn't have to
search for the file with the highest minor version number.  (It
doesn't have minor version numbers at all.)

A single run of ldconfig updates either the a.out hints or the ELF
hints, but not both.  The set of hints to process is selected in
the usual way, via /etc/objformat, or ${OBJFORMAT}, or the "-aout"
or "-elf" command line option.  The rationale is that you probably
want to search different directories for ELF than for a.out.

"ldconfig -r" is faked up to produce output like we are used to,
except that for ELF there are no minor version numbers.  This should
enable "ldconfig -r" to be used for checking LIB_DEPENDS in ports
even for ELF.

I implemented the ELF functionality in a new source file, with an
eye toward eliminating the a.out code entirely at some point in
the future.
1998-09-05 03:31:00 +00:00