build: bundle-libraries.sh: patch bundled ld.so
Remove references to /etc/, /lib/ and /usr/ from the bundled ld.so interpreter using simple binary patching. This is needed to prevent loading host system libraries such as libnss_compat.so.2 on foreign systems, which may result in ld.so inconsistency assertions. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
parent
ab44f8fc0d
commit
a9a43f3d79
1 changed files with 13 additions and 0 deletions
|
@ -97,6 +97,18 @@ _runas_so() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
_patch_ldso() {
|
||||||
|
_cp "$1" "$1.patched"
|
||||||
|
sed -i -e 's,/\(usr\|lib\|etc\)/,/###/,g' "$1.patched"
|
||||||
|
|
||||||
|
if "$1.patched" 2>&1 | grep -q -- --library-path; then
|
||||||
|
_mv "$1.patched" "$1"
|
||||||
|
else
|
||||||
|
echo "binary patched ${1##*/} not executable, using original" >&2
|
||||||
|
rm -f "$1.patched"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
for LDD in ${PATH//://ldd }/ldd; do
|
for LDD in ${PATH//://ldd }/ldd; do
|
||||||
"$LDD" --version >/dev/null 2>/dev/null && break
|
"$LDD" --version >/dev/null 2>/dev/null && break
|
||||||
LDD=""
|
LDD=""
|
||||||
|
@ -135,6 +147,7 @@ for BIN in "$@"; do
|
||||||
[ -f "$token" -a ! -f "$dest" ] && {
|
[ -f "$token" -a ! -f "$dest" ] && {
|
||||||
_md "$ddir"
|
_md "$ddir"
|
||||||
_cp "$token" "$dest"
|
_cp "$token" "$dest"
|
||||||
|
[ -n "$LDSO" ] && _patch_ldso "$dest"
|
||||||
}
|
}
|
||||||
;; esac
|
;; esac
|
||||||
done
|
done
|
||||||
|
|
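Review bot: The acceptance test in `_patch_ldso` only checks that the patched loader still prints usage text containing `--library-path`, not that the `sed` substitution changed anything. On failure the `else` branch keeps the unpatched loader and, as far as the hunk shows, still ends on a successful `rm -f`. In both cases the bundle can ship an ld.so that still searches the host's /etc/, /lib/ and /usr/ paths, which is what the commit sets out to prevent, and nothing fails the build. Consider detecting a no-op patch with `cmp -s "$1" "$1.patched"` and returning non-zero on the fallback path; running the substitution as `LC_ALL=C sed -i -e ...` would also keep the byte-for-byte edit independent of the build host's locale. In the second hunk, `[ -n "$LDSO" ] && _patch_ldso "$dest"` guards on a variable assigned outside the visible lines; if it is not reset per token, libraries other than the loader would also be patched and executed by the check.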