diff options
| author | Jo-Philipp Wich <jo@mein.io> | 2018-01-25 17:12:29 +0100 |
|---|---|---|
| committer | Jo-Philipp Wich <jo@mein.io> | 2018-02-02 13:59:34 +0100 |
| commit | a9a43f3d791da40893832616e79bbeed198a1ddb (patch) | |
| tree | 9618568ffca2d3670cd6a140525a2db42a9d7f2a | |
| parent | ab44f8fc0df35035c4bef316df48dd3764fec716 (diff) | |
| download | upstream-a9a43f3d791da40893832616e79bbeed198a1ddb.tar.gz upstream-a9a43f3d791da40893832616e79bbeed198a1ddb.tar.bz2 upstream-a9a43f3d791da40893832616e79bbeed198a1ddb.zip | |
build: bundle-libraries.sh: patch bundled ld.so
Remove references to /etc/, /lib/ and /usr/ from the bundled ld.so
interpreter using simple binary patching.
This is needed to prevent loading host system libraries such as
libnss_compat.so.2 on foreign systems, which may result in ld.so
inconsistency assertions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
| -rwxr-xr-x | scripts/bundle-libraries.sh | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/scripts/bundle-libraries.sh b/scripts/bundle-libraries.sh index f254d4da47..bfe681ad60 100755 --- a/scripts/bundle-libraries.sh +++ b/scripts/bundle-libraries.sh @@ -97,6 +97,18 @@ _runas_so() { } } +_patch_ldso() { + _cp "$1" "$1.patched" + sed -i -e 's,/\(usr\|lib\|etc\)/,/###/,g' "$1.patched" + + if "$1.patched" 2>&1 | grep -q -- --library-path; then + _mv "$1.patched" "$1" + else + echo "binary patched ${1##*/} not executable, using original" >&2 + rm -f "$1.patched" + fi +} + for LDD in ${PATH//://ldd }/ldd; do "$LDD" --version >/dev/null 2>/dev/null && break LDD="" @@ -135,6 +147,7 @@ for BIN in "$@"; do [ -f "$token" -a ! -f "$dest" ] && { _md "$ddir" _cp "$token" "$dest" + [ -n "$LDSO" ] && _patch_ldso "$dest" } ;; esac done |