15766
|
1 |
diff -rup ../i386/glib-2.20.1/gmodule/gmodule-dl.c glib-2.20.1/gmodule/gmodule-dl.c
|
|
2 |
--- ../i386/glib-2.20.1/gmodule/gmodule-dl.c 2009-05-14 16:42:09.667625600 +0200
|
|
3 |
+++ glib-2.20.1/gmodule/gmodule-dl.c 2009-05-14 16:42:41.085074835 +0200
|
11350
|
4 |
@@ -30,6 +30,8 @@
|
|
5 |
#include "config.h"
|
9500
|
6 |
|
|
7 |
#include <dlfcn.h>
|
|
8 |
+#include <string.h>
|
|
9 |
+#include <limits.h>
|
|
10 |
|
|
11 |
/* Perl includes <nlist.h> and <link.h> instead of <dlfcn.h> on some systmes? */
|
|
12 |
|
15766
|
13 |
@@ -89,6 +91,22 @@ fetch_dlerror (gboolean replace_null)
|
9500
|
14 |
return msg;
|
|
15 |
}
|
|
16 |
|
|
17 |
+static gboolean
|
|
18 |
+g_tsol_is_multi_label_session (void)
|
|
19 |
+{
|
|
20 |
+ static int trusted = -1;
|
|
21 |
+
|
|
22 |
+ if (trusted < 0) {
|
|
23 |
+ if (getenv("TRUSTED_SESSION")) {
|
|
24 |
+ trusted = 1;
|
|
25 |
+ } else {
|
|
26 |
+ trusted = 0;
|
|
27 |
+ }
|
|
28 |
+ }
|
|
29 |
+
|
|
30 |
+ return trusted ? TRUE : FALSE;
|
|
31 |
+}
|
|
32 |
+
|
|
33 |
static gpointer
|
|
34 |
_g_module_open (const gchar *file_name,
|
|
35 |
gboolean bind_lazy,
|
15766
|
36 |
@@ -101,7 +119,46 @@ _g_module_open (const gchar *file_name,
|
9880
|
37 |
performed immediately in all dynamic dependencies */
|
9500
|
38 |
bind_lazy = 1;
|
|
39 |
#endif
|
9880
|
40 |
-
|
|
41 |
+
|
9500
|
42 |
+ if (g_tsol_is_multi_label_session()) {
|
|
43 |
+ Dl_serinfo _info, *info = &_info;
|
|
44 |
+ Dl_serpath *path;
|
|
45 |
+ uint_t cnt;
|
|
46 |
+ gboolean found = FALSE;
|
|
47 |
+
|
|
48 |
+ if (strstr(file_name, "../"))
|
|
49 |
+ {
|
|
50 |
+ g_module_set_error("relative paths in module names are not allowed");
|
|
51 |
+ return NULL;
|
|
52 |
+ }
|
|
53 |
+ else
|
|
54 |
+ {
|
|
55 |
+ /* determine search path count and required buffer size */
|
|
56 |
+ dlinfo(RTLD_SELF, RTLD_DI_SERINFOSIZE, (void *)info);
|
|
57 |
+ /* allocate new buffer and initialize */
|
|
58 |
+ info = malloc(_info.dls_size);
|
|
59 |
+ info->dls_size = _info.dls_size;
|
|
60 |
+ info->dls_cnt = _info.dls_cnt;
|
|
61 |
+
|
|
62 |
+ /* obtain sarch path information */
|
|
63 |
+ dlinfo(RTLD_SELF, RTLD_DI_SERINFO, (void *)info);
|
|
64 |
+
|
|
65 |
+ path = &info->dls_serpath[0];
|
|
66 |
+ for (cnt = 1; cnt <= info->dls_cnt; cnt++, path++) {
|
|
67 |
+ if (strncmp(file_name, path->dls_name, strlen(path->dls_name)) == 0)
|
|
68 |
+ found = TRUE;
|
|
69 |
+ }
|
|
70 |
+
|
|
71 |
+ if ( ! found &&
|
|
72 |
+ strncmp(file_name, "/usr/lib/", strlen("/usr/lib/")) &&
|
|
73 |
+ strncmp(file_name, "/usr/sfw/lib/", strlen("/usr/sfw/lib/")))
|
|
74 |
+ {
|
|
75 |
+ g_module_set_error("module is not in a trusted directory");
|
|
76 |
+ return NULL;
|
|
77 |
+ }
|
|
78 |
+ }
|
|
79 |
+ }
|
|
80 |
+
|
|
81 |
handle = dlopen (file_name,
|
15766
|
82 |
(bind_local ? 0 : RTLD_GLOBAL) | (bind_lazy ? RTLD_LAZY | RTLD_FIRST: RTLD_NOW));
|
9500
|
83 |
if (!handle)
|