From d106d9f871c957286ccdeb79c1c2a5ed41f859a6 Mon Sep 17 00:00:00 2001 From: David Sehr Date: Tue, 16 Aug 2016 19:22:57 -0700 Subject: Save environment snapshot and use at fork/exec Some applications may inadvertently or maliciously set of environment variables such as LD_LIBRARY_PATH before spawning subprocesses. To make this more difficult, save the environment at the time the runtime starts and use the saved copy anytime Exec is called. BUG: 30160149 TEST: make test-art-{host,target} Change-Id: I887b78bdb21ab20855636a96da14a74c767bbfef --- runtime/utils.cc | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'runtime/utils.cc') diff --git a/runtime/utils.cc b/runtime/utils.cc index b676ae5ae5..313190c84d 100644 --- a/runtime/utils.cc +++ b/runtime/utils.cc @@ -1155,8 +1155,15 @@ int ExecAndReturnCode(std::vector& arg_vector, std::string* error_m // change process groups, so we don't get reaped by ProcessManager setpgid(0, 0); - execv(program, &args[0]); - PLOG(ERROR) << "Failed to execv(" << command_line << ")"; + // (b/30160149): protect subprocesses from modifications to LD_LIBRARY_PATH, etc. + // Use the snapshot of the environment from the time the runtime was created. + char** envp = (Runtime::Current() == nullptr) ? nullptr : Runtime::Current()->GetEnvSnapshot(); + if (envp == nullptr) { + execv(program, &args[0]); + } else { + execve(program, &args[0], envp); + } + PLOG(ERROR) << "Failed to execve(" << command_line << ")"; // _exit to avoid atexit handlers in child. _exit(1); } else { -- cgit v1.2.3-59-g8ed1b