HEX
Server: Apache
System: Linux scp1.abinfocom.com 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64
User: confeduphaar (1010)
PHP: 8.1.33
Disabled: exec,passthru,shell_exec,system
$ pwd: /usr/src/glibc/debian/patches/any/
Upload Files
File: //usr/src/glibc/debian/patches/any/CVE-2025-4802.patch
[Ubuntu: backport for version 2.35]

From 5451fa962cd0a90a0e2ec1d8910a559ace02bba0 Mon Sep 17 00:00:00 2001
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Mon, 6 Nov 2023 17:25:49 -0300
Subject: [PATCH] elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for
 static

It mimics the ld.so behavior.

Checked on x86_64-linux-gnu.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
---
 elf/dl-support.c | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

--- glibc-2.31.orig/elf/dl-support.c
+++ glibc-2.31/elf/dl-support.c
@@ -312,8 +312,6 @@ _dl_non_dynamic_init (void)
   _dl_main_map.l_phdr = GL(dl_phdr);
   _dl_main_map.l_phnum = GL(dl_phnum);
 
-  _dl_verbose = *(getenv ("LD_WARN") ?: "") == '\0' ? 0 : 1;
-
   /* Set up the data structures for the system-supplied DSO early,
      so they can influence _dl_init_paths.  */
   setup_vdso (NULL, NULL);
@@ -321,6 +319,30 @@ _dl_non_dynamic_init (void)
   /* With vDSO setup we can initialize the function pointers.  */
   setup_vdso_pointers ();
 
+  if (__libc_enable_secure)
+    { 
+      static const char unsecure_envvars[] =
+        UNSECURE_ENVVARS
+#ifdef EXTRA_UNSECURE_ENVVARS
+        EXTRA_UNSECURE_ENVVARS
+#endif
+        ;
+      const char *cp = unsecure_envvars;
+
+      while (cp < unsecure_envvars + sizeof (unsecure_envvars))
+        {
+          __unsetenv (cp);
+          cp = (const char *) __rawmemchr (cp, '\0') + 1;
+        }
+
+#if !HAVE_TUNABLES
+      if (__access ("/etc/suid-debug", F_OK) != 0)
+        __unsetenv ("MALLOC_CHECK_");
+#endif
+    }
+
+  _dl_verbose = *(getenv ("LD_WARN") ?: "") == '\0' ? 0 : 1;
+
   /* Initialize the data structures for the search paths for shared
      objects.  */
   _dl_init_paths (getenv ("LD_LIBRARY_PATH"));
@@ -339,28 +361,6 @@ _dl_non_dynamic_init (void)
     _dl_profile_output
       = &"/var/tmp\0/var/profile"[__libc_enable_secure ? 9 : 0];
 
-  if (__libc_enable_secure)
-    {
-      static const char unsecure_envvars[] =
-	UNSECURE_ENVVARS
-#ifdef EXTRA_UNSECURE_ENVVARS
-	EXTRA_UNSECURE_ENVVARS
-#endif
-	;
-      const char *cp = unsecure_envvars;
-
-      while (cp < unsecure_envvars + sizeof (unsecure_envvars))
-	{
-	  __unsetenv (cp);
-	  cp = (const char *) __rawmemchr (cp, '\0') + 1;
-	}
-
-#if !HAVE_TUNABLES
-      if (__access ("/etc/suid-debug", F_OK) != 0)
-	__unsetenv ("MALLOC_CHECK_");
-#endif
-    }
-
 #ifdef DL_PLATFORM_INIT
   DL_PLATFORM_INIT;
 #endif
@ Telegram