[openwrt/openwrt] build: bundle-libraries.sh: patch bundled ld.so
LEDE Commits
lede-commits at lists.infradead.org
Fri Feb 2 04:59:48 PST 2018
jow pushed a commit to openwrt/openwrt.git, branch master:
https://git.lede-project.org/a9a43f3d791da40893832616e79bbeed198a1ddb
commit a9a43f3d791da40893832616e79bbeed198a1ddb
Author: Jo-Philipp Wich <jo at mein.io>
AuthorDate: Thu Jan 25 17:12:29 2018 +0100
build: bundle-libraries.sh: patch bundled ld.so
Remove references to /etc/, /lib/ and /usr/ from the bundled ld.so
interpreter using simple binary patching.
This is needed to prevent loading host system libraries such as
libnss_compat.so.2 on foreign systems, which may result in ld.so
inconsistency assertions.
Signed-off-by: Jo-Philipp Wich <jo at mein.io>
---
scripts/bundle-libraries.sh | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/scripts/bundle-libraries.sh b/scripts/bundle-libraries.sh
index f254d4d..bfe681a 100755
--- a/scripts/bundle-libraries.sh
+++ b/scripts/bundle-libraries.sh
@@ -97,6 +97,18 @@ _runas_so() {
}
}
+_patch_ldso() {
+ _cp "$1" "$1.patched"
+ sed -i -e 's,/\(usr\|lib\|etc\)/,/###/,g' "$1.patched"
+
+ if "$1.patched" 2>&1 | grep -q -- --library-path; then
+ _mv "$1.patched" "$1"
+ else
+ echo "binary patched ${1##*/} not executable, using original" >&2
+ rm -f "$1.patched"
+ fi
+}
+
for LDD in ${PATH//://ldd }/ldd; do
"$LDD" --version >/dev/null 2>/dev/null && break
LDD=""
@@ -135,6 +147,7 @@ for BIN in "$@"; do
[ -f "$token" -a ! -f "$dest" ] && {
_md "$ddir"
_cp "$token" "$dest"
+ [ -n "$LDSO" ] && _patch_ldso "$dest"
}
;; esac
done
More information about the lede-commits
mailing list