/* Mudflap: narrow-pointer bounds-checking by tree rewriting.
- Copyright (C) 2002, 2003, 2004, 2005, 2006, 2008, 2009
+ Copyright (C) 2002, 2003, 2004, 2005, 2006, 2008, 2009, 2010, 2011, 2012
Free Software Foundation, Inc.
Contributed by Frank Ch. Eigler <fche@redhat.com>
and Graydon Hoare <graydon@redhat.com>
#ifdef LIBMUDFLAPTH
__mf_opts.thread_stack = 0;
#endif
+
+ /* PR41443: Beware that the above flags will be applied to
+ setuid/setgid binaries, and cannot be overriden with
+ $MUDFLAP_OPTIONS. So the defaults must be non-exploitable.
+
+ Should we consider making the default violation_mode something
+ harsher than viol_nop? OTOH, glibc's MALLOC_CHECK_ is disabled
+ by default for these same programs. */
}
static struct mudoption
fprintf (stderr,
"This is a %s%sGCC \"mudflap\" memory-checked binary.\n"
- "Mudflap is Copyright (C) 2002-2009 Free Software Foundation, Inc.\n"
+ "Mudflap is Copyright (C) 2002-2012 Free Software Foundation, Inc.\n"
"\n"
- "The mudflap code can be controlled by an environment variable:\n"
+ "Unless setuid, a program's mudflap options be set by an environment variable:\n"
"\n"
"$ export MUDFLAP_OPTIONS='<options>'\n"
"$ <mudflapped_program>\n"
{NULL, "free", NULL},
{NULL, "malloc", NULL},
{NULL, "mmap", NULL},
+#ifdef HAVE_MMAP64
+ {NULL, "mmap64", NULL},
+#endif
{NULL, "munmap", NULL},
{NULL, "realloc", NULL},
{NULL, "DUMMY", NULL}, /* dyn_INITRESOLVE */
if (LIKELY (__mf_starting_p == 0))
return;
+#if defined(__FreeBSD__) && defined(LIBMUDFLAPTH)
+ pthread_self();
+ LOCKTH ();
+ UNLOCKTH ();
+#endif /* Prime mutex which calls calloc upon first lock to avoid deadlock. */
+
/* This initial bootstrap phase requires that __mf_starting_p = 1. */
#ifdef PIC
__mf_resolve_dynamics ();
__mf_set_default_options ();
- ov = getenv ("MUDFLAP_OPTIONS");
+ if (getuid () == geteuid () && getgid () == getegid ()) /* PR41433, not setuid */
+ ov = getenv ("MUDFLAP_OPTIONS");
if (ov)
{
int rc = __mfu_set_options (ov);
__mf_register (& errno, sizeof (errno), __MF_TYPE_STATIC, "errno area");
+#if !(defined(__sun__) && defined(__svr4__))
+ /* Conflicts with the automatic registration of __iob[]. */
__mf_register (stdin, sizeof (*stdin), __MF_TYPE_STATIC, "stdin");
__mf_register (stdout, sizeof (*stdout), __MF_TYPE_STATIC, "stdout");
__mf_register (stderr, sizeof (*stderr), __MF_TYPE_STATIC, "stderr");
+#endif
/* Make some effort to register ctype.h static arrays. */
- /* XXX: e.g., on Solaris, may need to register __ctype, _ctype, __ctype_mask, __toupper, etc. */
+#if defined(__sun__) && defined(__svr4__)
+ /* __ctype[] is declared without size, but MB_CUR_MAX is the last
+ member. There seems to be no proper way to determine the size. */
+ __mf_register (__ctype, &MB_CUR_MAX - &__ctype[0] + 1, __MF_TYPE_STATIC, "__ctype");
+ /* __ctype_mask points at _C_masks[1]. The size can only determined
+ using nm on libc.so.1. */
+ __mf_register (__ctype_mask - 1, 1028, __MF_TYPE_STATIC, "_C_masks");
+#endif
/* On modern Linux GLIBC, these are thread-specific and changeable, and are dealt
with in mf-hooks2.c. */
}