sys-apps/sandbox: Stop sandbox-2.11 from ignoring LD_LIBRARY_PATH #5794
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bug: https://bugs.gentoo.org/580726
Package-Manager: Portage-2.3.6, Repoman-2.3.2
Sandbox commit 55087abd8dc9802cf68cade776fe612a3f19f6a1 is for the purpose of preventing a loop or deadlock caused by a package implementing its own libc memory allocation functions, which themselves may call on a sandbox wrapped system calls, whose implementation depends on further calls to such memory functions. If any binaries export such symbols, sandbox assumes the worst and prevents loading of libsandbox.so and instead opts for ptrace.
In preventing the loading of libsandbox, it removes all variables whose
env_pair.name
field matches the name of an environment variable from the environment, for allenv_pair
s ofvars[]
inchar **sb_check_envp(char **envp, size_t *mod_cnt, bool insert)
in "libsandbox/libsandbox.c". This includes not just the usual environment variables prefixed with 'SANDBOX_' but alsoLD_PRELOAD
andLD_LIBRARY_PATH
.LD_PRELOAD
clearly should be removed. ButLD_LIBRARY_PATH
would only seem to be trouble if used withLD_PRELOAD
. As such it makes sense to me to prevent the removal ofLD_LIBRARY_PATH
.Given the fact that the the positions of the
env_pair
s invars[]
are intended to be hard-coded (from libsandbox.c:/* Indices matter -- see init below */
), this commit uses the index of theenv_pair
corresponding toLD_LIBRARY_PATH
to prevent its removal.Tested with www-client/seamonkey-2.49.3.0_p0.