snapcraft.yaml: ignore LD_* variables

There are potential issues where some users having broken `LD_LIBRARY_PATH`, `LD_PRELOAD` or `LD_AUDIT` would break execution of the snapd dynamic linker because that would try to force loading binaries with a different ABI. So we rename the `LD_*` variables as `SNAPD_LD_*`.
ernestl · Sep 23, 2024 · 80baecc · 80baecc
1 parent 2873a5d
commit 80baecc
Show file tree

Hide file tree

Showing 3 changed files with 96 additions and 24 deletions.
diff --git a/build-aux/snap/local/rename-dynamic-loader-variables.patch b/build-aux/snap/local/rename-dynamic-loader-variables.patch
@@ -0,0 +1,60 @@
+diff -ur glibc-2.35.old/elf/dl-environ.c glibc-2.35/elf/dl-environ.c
+--- glibc-2.35.old/elf/dl-environ.c	2024-09-16 12:34:26.933137126 +0200
++++ glibc-2.35/elf/dl-environ.c	2024-09-16 12:45:01.558071825 +0200
+@@ -31,10 +31,21 @@
+
+   while (*current != NULL)
+     {
+-      if (__builtin_expect ((*current)[0] == 'L', 0)
+-	  && (*current)[1] == 'D' && (*current)[2] == '_')
++      if (__builtin_expect ((*current)[0] == 'S', 0)
++	  && (*current)[1] == 'N'
++          && (*current)[2] == 'A'
++          && (*current)[3] == 'P'
++          && (*current)[4] == 'D'
++          && (*current)[5] == '_') {
++      } else {
++        ++current;
++        continue ;
++      }
++
++      if (__builtin_expect ((*current)[6] == 'L', 0)
++	  && (*current)[7] == 'D' && (*current)[8] == '_')
+ 	{
+-	  result = &(*current)[3];
++	  result = &(*current)[9];
+
+ 	  /* Save current position for next visit.  */
+ 	  *position = ++current;
+diff -ur glibc-2.35.old/elf/dl-support.c glibc-2.35/elf/dl-support.c
+--- glibc-2.35.old/elf/dl-support.c	2024-09-16 12:34:26.934137133 +0200
++++ glibc-2.35/elf/dl-support.c	2024-09-16 12:47:39.969907345 +0200
+@@ -350,7 +350,7 @@
+
+   /* Initialize the data structures for the search paths for shared
+      objects.  */
+-  _dl_init_paths (getenv ("LD_LIBRARY_PATH"), "LD_LIBRARY_PATH",
++  _dl_init_paths (getenv ("SNAPD_LD_LIBRARY_PATH"), "SNAPD_LD_LIBRARY_PATH",
+ 		  /* No glibc-hwcaps selection support in statically
+ 		     linked binaries.  */
+ 		  NULL, NULL);
+diff -ur glibc-2.35.old/sysdeps/generic/unsecvars.h glibc-2.35/sysdeps/generic/unsecvars.h
+--- glibc-2.35.old/sysdeps/generic/unsecvars.h	2024-09-16 12:34:27.709142902 +0200
++++ glibc-2.35/sysdeps/generic/unsecvars.h	2024-09-20 10:11:02.416382981 +0200
+@@ -30,5 +30,16 @@
+   "NLSPATH\0"								      \
+   "RESOLV_HOST_CONF\0"							      \
+   "RES_OPTIONS\0"							      \
++  "SNAPD_LD_AUDIT\0"							      \
++  "SNAPD_LD_DEBUG\0"							      \
++  "SNAPD_LD_DEBUG_OUTPUT\0"						      \
++  "SNAPD_LD_DYNAMIC_WEAK\0"						      \
++  "SNAPD_LD_HWCAP_MASK\0"						      \
++  "SNAPD_LD_LIBRARY_PATH\0"						      \
++  "SNAPD_LD_ORIGIN_PATH\0"						      \
++  "SNAPD_LD_PRELOAD\0"							      \
++  "SNAPD_LD_PROFILE\0"							      \
++  "SNAPD_LD_SHOW_AUXV\0"						      \
++  "SNAPD_LD_USE_LOAD_BIAS\0"						      \
+   "TMPDIR\0"								      \
+   "TZDIR\0"
diff --git a/build-aux/snap/snapcraft.yaml b/build-aux/snap/snapcraft.yaml
@@ -71,6 +71,7 @@ parts:
     override-pull: |
       craftctl default
       QUILT_PATCHES=debian/patches quilt push -a
+      patch -p1 <"${CRAFT_PROJECT_DIR}/build-aux/snap/local/rename-dynamic-loader-variables.patch"
 
     override-build: |
       rm -rf build

diff --git a/osutil/env.go b/osutil/env.go
@@ -232,28 +232,39 @@ func (env *Environment) ExtendWithExpanded(eenv ExpandableEnv) {
 // Taken from https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=sysdeps/generic/unsecvars.h;hb=HEAD
 // TODO: use go generate to obtain this list at build time.
 var unsafeEnv = map[string]bool{
-	"GCONV_PATH":       true,
-	"GETCONF_DIR":      true,
-	"GLIBC_TUNABLES":   true,
-	"HOSTALIASES":      true,
-	"LD_AUDIT":         true,
-	"LD_DEBUG":         true,
-	"LD_DEBUG_OUTPUT":  true,
-	"LD_DYNAMIC_WEAK":  true,
-	"LD_HWCAP_MASK":    true,
-	"LD_LIBRARY_PATH":  true,
-	"LD_ORIGIN_PATH":   true,
-	"LD_PRELOAD":       true,
-	"LD_PROFILE":       true,
-	"LD_SHOW_AUXV":     true,
-	"LD_USE_LOAD_BIAS": true,
-	"LOCALDOMAIN":      true,
-	"LOCPATH":          true,
-	"MALLOC_TRACE":     true,
-	"NIS_PATH":         true,
-	"NLSPATH":          true,
-	"RESOLV_HOST_CONF": true,
-	"RES_OPTIONS":      true,
-	"TMPDIR":           true,
-	"TZDIR":            true,
+	"GCONV_PATH":             true,
+	"GETCONF_DIR":            true,
+	"GLIBC_TUNABLES":         true,
+	"HOSTALIASES":            true,
+	"LD_AUDIT":               true,
+	"LD_DEBUG":               true,
+	"LD_DEBUG_OUTPUT":        true,
+	"LD_DYNAMIC_WEAK":        true,
+	"LD_HWCAP_MASK":          true,
+	"LD_LIBRARY_PATH":        true,
+	"LD_ORIGIN_PATH":         true,
+	"LD_PRELOAD":             true,
+	"LD_PROFILE":             true,
+	"LD_SHOW_AUXV":           true,
+	"LD_USE_LOAD_BIAS":       true,
+	"LOCALDOMAIN":            true,
+	"LOCPATH":                true,
+	"MALLOC_TRACE":           true,
+	"NIS_PATH":               true,
+	"NLSPATH":                true,
+	"RESOLV_HOST_CONF":       true,
+	"RES_OPTIONS":            true,
+	"SNAPD_LD_AUDIT":         true,
+	"SNAPD_LD_DEBUG":         true,
+	"SNAPD_LD_DEBUG_OUTPUT":  true,
+	"SNAPD_LD_DYNAMIC_WEAK":  true,
+	"SNAPD_LD_HWCAP_MASK":    true,
+	"SNAPD_LD_LIBRARY_PATH":  true,
+	"SNAPD_LD_ORIGIN_PATH":   true,
+	"SNAPD_LD_PRELOAD":       true,
+	"SNAPD_LD_PROFILE":       true,
+	"SNAPD_LD_SHOW_AUXV":     true,
+	"SNAPD_LD_USE_LOAD_BIAS": true,
+	"TMPDIR":                 true,
+	"TZDIR":                  true,
 }