From 5d0001f01521eb923c16cd69c807c655ae9acb54 Mon Sep 17 00:00:00 2001
From: "Frank Ch. Eigler" <fche@redhat.com>
Date: Tue, 22 Sep 2009 16:17:50 +0000
Subject: [PATCH] re PR libmudflap/41433 (security: mudflap accepts environment
 variables if setuid)

2009-09-22  Frank Ch. Eigler  <fche@redhat.com>

	PR libmudflap/41433
	* mf-runtime.c (__mf_init): Ignore $MUDFLAP_OPTIONS if
	running setuid or setgid.

From-SVN: r152026
---
 libmudflap/ChangeLog    |  6 ++++++
 libmudflap/mf-runtime.c | 13 +++++++++++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/libmudflap/ChangeLog b/libmudflap/ChangeLog
index e51c109bbac6..f65cf2ab3d36 100644
--- a/libmudflap/ChangeLog
+++ b/libmudflap/ChangeLog
@@ -1,3 +1,9 @@
+2009-09-22  Frank Ch. Eigler  <fche@redhat.com>
+
+	PR libmudflap/41433
+	* mf-runtime.c (__mf_init): Ignore $MUDFLAP_OPTIONS if
+	running setuid or setgid.
+
 2009-09-01  Loren J. Rittle  <ljrittle@acm.org>
 
 	* mf-runtime.c (__mf_init): Support FreeBSD.
diff --git a/libmudflap/mf-runtime.c b/libmudflap/mf-runtime.c
index 3bfaf02b6a08..08a50c218073 100644
--- a/libmudflap/mf-runtime.c
+++ b/libmudflap/mf-runtime.c
@@ -303,6 +303,14 @@ __mf_set_default_options ()
 #ifdef LIBMUDFLAPTH
   __mf_opts.thread_stack = 0;
 #endif
+
+  /* PR41443: Beware that the above flags will be applied to
+     setuid/setgid binaries, and cannot be overriden with
+     $MUDFLAP_OPTIONS.  So the defaults must be non-exploitable. 
+
+     Should we consider making the default violation_mode something
+     harsher than viol_nop?  OTOH, glibc's MALLOC_CHECK_ is disabled
+     by default for these same programs. */
 }
 
 static struct mudoption
@@ -442,7 +450,7 @@ __mf_usage ()
            "This is a %s%sGCC \"mudflap\" memory-checked binary.\n"
            "Mudflap is Copyright (C) 2002-2009 Free Software Foundation, Inc.\n"
            "\n"
-           "The mudflap code can be controlled by an environment variable:\n"
+           "Unless setuid, a program's mudflap options be set by an environment variable:\n"
            "\n"
            "$ export MUDFLAP_OPTIONS='<options>'\n"
            "$ <mudflapped_program>\n"
@@ -711,7 +719,8 @@ __mf_init ()
 
   __mf_set_default_options ();
 
-  ov = getenv ("MUDFLAP_OPTIONS");
+  if (getuid () == geteuid () && getgid () == getegid ()) /* PR41433, not setuid */
+    ov = getenv ("MUDFLAP_OPTIONS");
   if (ov)
     {
       int rc = __mfu_set_options (ov);
-- 
GitLab