mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-11-24 08:32:02 +00:00
Merge pull request #36400 from azat/dyn-linker-vars
Add more harmful variables for OSX
This commit is contained in:
commit
2f38e7bc5c
@ -334,11 +334,24 @@ struct Checker
|
||||
#endif
|
||||
;
|
||||
|
||||
/// NOTE: We will migrate to full static linking or our own dynamic loader to make this code obsolete.
|
||||
void checkHarmfulEnvironmentVariables()
|
||||
{
|
||||
/// The list is a selection from "man ld-linux". And one variable that is Mac OS X specific.
|
||||
/// NOTE: We will migrate to full static linking or our own dynamic loader to make this code obsolete.
|
||||
for (const auto * var : {"LD_PRELOAD", "LD_LIBRARY_PATH", "LD_ORIGIN_PATH", "LD_AUDIT", "LD_DYNAMIC_WEAK", "DYLD_INSERT_LIBRARIES"})
|
||||
std::initializer_list<const char *> harmful_env_variables = {
|
||||
/// The list is a selection from "man ld-linux".
|
||||
"LD_PRELOAD",
|
||||
"LD_LIBRARY_PATH",
|
||||
"LD_ORIGIN_PATH",
|
||||
"LD_AUDIT",
|
||||
"LD_DYNAMIC_WEAK",
|
||||
/// The list is a selection from "man dyld" (osx).
|
||||
"DYLD_LIBRARY_PATH",
|
||||
"DYLD_FALLBACK_LIBRARY_PATH",
|
||||
"DYLD_VERSIONED_LIBRARY_PATH",
|
||||
"DYLD_INSERT_LIBRARIES",
|
||||
};
|
||||
|
||||
for (const auto * var : harmful_env_variables)
|
||||
{
|
||||
if (const char * value = getenv(var); value && value[0])
|
||||
{
|
||||
|
@ -0,0 +1,2 @@
|
||||
1
|
||||
1
|
18
tests/queries/0_stateless/02280_dynamic_linker_env.sh
Executable file
18
tests/queries/0_stateless/02280_dynamic_linker_env.sh
Executable file
@ -0,0 +1,18 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
CUR_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
|
||||
# shellcheck source=../shell_config.sh
|
||||
. "$CUR_DIR"/../shell_config.sh
|
||||
|
||||
static=$($CLICKHOUSE_LOCAL -q "SELECT value IN ('ON', '1') FROM system.build_options WHERE name = 'STATIC'")
|
||||
|
||||
clickhouse-local -q 'select 1'
|
||||
|
||||
if [ "$static" -eq 1 ]; then
|
||||
# "grep -c" will also gives "1"
|
||||
LD_LIBRARY_PATH=/ clickhouse-local -q 'select 1' |& grep -x -F -c 'Environment variable LD_LIBRARY_PATH is set to /. It can compromise security.'
|
||||
else
|
||||
# works because it does not uses main.cpp entrypoint
|
||||
# (due to shared build is always splitted, and non-splitted will have lots of ODR issues)
|
||||
LD_LIBRARY_PATH=/ clickhouse-local -q 'select 1'
|
||||
fi
|
Loading…
Reference in New Issue
Block a user