Loader.so+LibELF: Do not read environment variables if AT_SECURE is set

AT_SECURE is set in the auxiliary vector when we execute setuid/setgid
programs.
In those cases, we do not want to read environment variables that
influence the logic of the dynamic loader, as they can be controlled
by the user.

1 files changed, 5 insertions, 1 deletions

diff --git a/Userland/DynamicLoader/main.cpp b/Userland/DynamicLoader/main.cpp
index 0131e65960..b2f09bdfa7 100644
--- a/Userland/DynamicLoader/main.cpp
+++ b/Userland/DynamicLoader/main.cpp
@@ -135,6 +135,7 @@ void _start(int argc, char** argv, char** envp)
 
     int main_program_fd = -1;
     String main_program_name;
+    bool is_secure = false;
     for (; auxvp->a_type != AT_NULL; ++auxvp) {
         if (auxvp->a_type == ELF::AuxiliaryValue::ExecFileDescriptor) {
             main_program_fd = auxvp->a_un.a_val;
@@ -142,6 +143,9 @@ void _start(int argc, char** argv, char** envp)
         if (auxvp->a_type == ELF::AuxiliaryValue::ExecFilename) {
             main_program_name = (const char*)auxvp->a_un.a_ptr;
         }
+        if (auxvp->a_type == ELF::AuxiliaryValue::Secure) {
+            is_secure = auxvp->a_un.a_val == 1;
+        }
     }
 
     if (main_program_name == "/usr/lib/Loader.so") {
@@ -156,7 +160,7 @@ void _start(int argc, char** argv, char** envp)
     ASSERT(main_program_fd >= 0);
     ASSERT(!main_program_name.is_empty());
 
-    ELF::DynamicLinker::linker_main(move(main_program_name), main_program_fd, argc, argv, envp);
+    ELF::DynamicLinker::linker_main(move(main_program_name), main_program_fd, is_secure, argc, argv, envp);
     ASSERT_NOT_REACHED();
 }
 }