Merge "linker: only re-open std* for setuid programs."

commit: 5f28fde8aeee047a70e344c9da937695dc51a3ba [log] [tgz]
author: Nick Kralevich <nnk@google.com> Thu Apr 25 20:31:41 2013 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Apr 25 20:31:41 2013 +0000
tree: 61d332169251cde7d11a6687668f8b4a724e372e
parent: 87efcd2e63c9f218f476ef88f21e660f9bce633f [diff]
parent: 8d3e91d4f842911366155845afb3cfbdad0b4cad [diff]
diff --git a/linker/linker.cpp b/linker/linker.cpp
index 47c45eb..3ce75f1 100644
--- a/linker/linker.cpp
+++ b/linker/linker.cpp

@@ -1595,11 +1595,6 @@
         return false;
     }
 
-    // If this is a setuid/setgid program, close the security hole described in
-    // ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc
-    if (get_AT_SECURE()) {
-        nullify_closed_stdio();
-    }
     notify_gdb_of_load(si);
     return true;
 }
@@ -1628,6 +1623,12 @@
     // Initialize environment functions, and get to the ELF aux vectors table.
     linker_env_init(args);
 
+    // If this is a setuid/setgid program, close the security hole described in
+    // ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc
+    if (get_AT_SECURE()) {
+        nullify_closed_stdio();
+    }
+
     debuggerd_init();
 
     // Get a few environment variables.
commit	5f28fde8aeee047a70e344c9da937695dc51a3ba	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Thu Apr 25 20:31:41 2013 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Thu Apr 25 20:31:41 2013 +0000
tree	61d332169251cde7d11a6687668f8b4a724e372e
parent	87efcd2e63c9f218f476ef88f21e660f9bce633f [diff]
parent	8d3e91d4f842911366155845afb3cfbdad0b4cad [diff]