remove shared library's RPATH/RUNPATH for security

liqingqing_1229 2022-03-01 15:21:08 +08:00
parent 15389bf875
commit a95455ac97


@ -65,7 +65,7 @@
############################################################################## ##############################################################################
Name: glibc Name: glibc
Version: 2.35 Version: 2.35
Release: 3 Release: 4
Summary: The GNU libc libraries Summary: The GNU libc libraries
License: %{all_license} License: %{all_license}
URL: http://www.gnu.org/software/glibc/ URL: http://www.gnu.org/software/glibc/
@ -781,6 +781,63 @@ echo "%{_prefix}/libexec/glibc-benchtests/validate_benchout.py*" >> benchtests.f
echo "%{_libdir}/libpthread-2.17.so" >> compat-2.17.filelist echo "%{_libdir}/libpthread-2.17.so" >> compat-2.17.filelist
%endif %endif
reliantlib=""
function findReliantLib()
{
local library=$1
reliantlib=$(readelf -d $library | grep "(NEEDED)" | awk -F "Shared library" '{print $2}')$reliantlib
}
# remove gconv rpath/runpath
function removeLoadPath()
{
local file=$1
local rpathInfo=$(chrpath -l $file | grep "RPATH=")
local runpathInfo=$(chrpath -l $file | grep "RUNPATH=")
local currPath=""
if [ x"$rpathInfo" != x"" ]; then
currPath=$(echo $rpathInfo | awk -F "RPATH=" '{print $2}')
fi
if [ x"$runpathInfo" != x"" ]; then
currPath=$(echo $runpathInfo | awk -F "RUNPATH=" '{print $2}')
fi
if [ x"$currPath" == x"\$ORIGIN" ]; then
chrpath -d $file
findReliantLib $file
fi
}
set +e
# find and remove RPATH/RUNPATH
for file in $(find $RPM_BUILD_ROOT%{_libdir}/gconv/ -name "*.so" -exec file {} ';' | grep "\<ELF\>" | awk -F ':' '{print $1}')
do
removeLoadPath $file
done
function createSoftLink()
{
# pick up the dynamic libraries and create softlink for them
local tmplib=$(echo $reliantlib | sed 's/://g' | sed 's/ //g' | sed 's/\[//g' | sed 's/]/\n/g' | sort | uniq)
for temp in $tmplib
do
if [ -f "$RPM_BUILD_ROOT%{_libdir}/gconv/$temp" ]; then
ln -sf %{_libdir}/gconv/$temp $RPM_BUILD_ROOT%{_libdir}/$temp
echo %{_libdir}/$temp >> glibc.filelist
fi
done
}
# create soft link for the reliant libraries
createSoftLink
set -e
############################################################################## ##############################################################################
# Run the glibc testsuite # Run the glibc testsuite
############################################################################## ##############################################################################
@ -1107,6 +1164,9 @@ fi
%endif %endif
%changelog %changelog
* Tue Mar 1 2022 Qingqing Li <liqingqing3@huawei.com> - 2.35-4
- remove shared library's RPATH/RUNPATH for security
* Tue Feb 22 2022 Qingqing Li <liqingqing3@huawei.com> - 2.35-3 * Tue Feb 22 2022 Qingqing Li <liqingqing3@huawei.com> - 2.35-3
- tzselect: use region to select timezone - tzselect: use region to select timezone
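Review bot: The RPATH/RUNPATH removal added in the second hunk fails open: everything between `set +e` and `set -e` ignores errors, so if `chrpath` is absent from the build environment or `chrpath -d $file` fails, the gconv modules keep their `$ORIGIN` path and the build still succeeds. `removeLoadPath` also acts only when the reported value is exactly `$ORIGIN`, so a module carrying any other RPATH/RUNPATH value is skipped without a message. I would drop the `set +e`/`set -e` pair and make the deletion explicit with `chrpath -d "$file" || exit 1`; as far as the visible lines show, the `grep` pipelines sit inside `local x=$(...)`, so their non-zero status is already masked and would not abort the build. A check after the loop that fails the build when `readelf -d` still reports RPATH or RUNPATH for any gconv module would make the hardening verifiable. Whether `chrpath` is declared as a build dependency is not visible in this diff.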