aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJo-Philipp Wich <jo@mein.io>2018-01-25 17:12:29 +0100
committerJo-Philipp Wich <jo@mein.io>2018-02-02 13:59:34 +0100
commita9a43f3d791da40893832616e79bbeed198a1ddb (patch)
tree9618568ffca2d3670cd6a140525a2db42a9d7f2a
parentab44f8fc0df35035c4bef316df48dd3764fec716 (diff)
downloadupstream-a9a43f3d791da40893832616e79bbeed198a1ddb.tar.gz
upstream-a9a43f3d791da40893832616e79bbeed198a1ddb.tar.bz2
upstream-a9a43f3d791da40893832616e79bbeed198a1ddb.zip
build: bundle-libraries.sh: patch bundled ld.so
Remove references to /etc/, /lib/ and /usr/ from the bundled ld.so interpreter using simple binary patching. This is needed to prevent loading host system libraries such as libnss_compat.so.2 on foreign systems, which may result in ld.so inconsistency assertions. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
-rwxr-xr-xscripts/bundle-libraries.sh13
1 files changed, 13 insertions, 0 deletions
diff --git a/scripts/bundle-libraries.sh b/scripts/bundle-libraries.sh
index f254d4da47..bfe681ad60 100755
--- a/scripts/bundle-libraries.sh
+++ b/scripts/bundle-libraries.sh
@@ -97,6 +97,18 @@ _runas_so() {
}
}
+_patch_ldso() {
+ _cp "$1" "$1.patched"
+ sed -i -e 's,/\(usr\|lib\|etc\)/,/###/,g' "$1.patched"
+
+ if "$1.patched" 2>&1 | grep -q -- --library-path; then
+ _mv "$1.patched" "$1"
+ else
+ echo "binary patched ${1##*/} not executable, using original" >&2
+ rm -f "$1.patched"
+ fi
+}
+
for LDD in ${PATH//://ldd }/ldd; do
"$LDD" --version >/dev/null 2>/dev/null && break
LDD=""
@@ -135,6 +147,7 @@ for BIN in "$@"; do
[ -f "$token" -a ! -f "$dest" ] && {
_md "$ddir"
_cp "$token" "$dest"
+ [ -n "$LDSO" ] && _patch_ldso "$dest"
}
;; esac
done