ldd: use direct exec mode unconditionally

Trying to exec malformed or unusual binary, for instance, a non-FreeBSD ABI, or using a non-standard interpreter, might give unexpected outcome. Reported by: The UK's National Cyber Security Centre (NCSC) Reviewed by: emaste, markj, philip Discussed with: jhb Sponsored by: The FreeBSD Foundation admbug: 991 PR: 127276, 175339, 231926 MFC after: 1 week Differential revision: https://reviews.freebsd.org/D36650
author: Konstantin Belousov <kib@FreeBSD.org> 2022-09-21 16:55:44 +0300
committer: Konstantin Belousov <kib@FreeBSD.org> 2022-10-06 18:50:26 +0300
commit: 9cabef3d146e9a844813b6bc8952d6cf2e9d45e5 (patch)
tree: fdddc01f7d500cb78ddab42d887c5fb2d275eaa2 /usr.bin
parent: 4f756295e0e3ac5a9c2b3a6a3bfda6e7a61a560f (diff)
1 files changed, 7 insertions, 6 deletions
diff --git a/usr.bin/ldd/ldd.c b/usr.bin/ldd/ldd.c
index c16b6f5e8496..8897c8cbfbc2 100644
--- a/usr.bin/ldd/ldd.c
+++ b/usr.bin/ldd/ldd.c
@@ -233,18 +233,19 @@ main(int argc, char *argv[])
 			}
 			break;
 		case 0:
+			rtld = _PATH_RTLD;
+#if __ELF_WORD_SIZE > 32 && defined(ELF32_SUPPORTED)
+			if (type == TYPE_ELF32)
+				rtld = _COMPAT32_PATH_RTLD;
+#endif
 			if (is_shlib == 0) {
-				execl(*argv, *argv, (char *)NULL);
+				execl(rtld, rtld, "--",
+				    *argv, (char *)NULL);
 				warn("%s", *argv);
 			} else if (fmt1 == NULL && fmt2 == NULL && !aflag) {
 				dlopen(*argv, RTLD_TRACE);
 				warnx("%s: %s", *argv, dlerror());
 			} else {
-				rtld = _PATH_RTLD;
-#if __ELF_WORD_SIZE > 32 && defined(ELF32_SUPPORTED)
-				if (type == TYPE_ELF32)
-					rtld = _COMPAT32_PATH_RTLD;
-#endif
 				execl(rtld, rtld, "-d", "--",
 				    *argv, (char *)NULL);
 			}
author	Konstantin Belousov <kib@FreeBSD.org>	2022-09-21 16:55:44 +0300
committer	Konstantin Belousov <kib@FreeBSD.org>	2022-10-06 18:50:26 +0300
commit	9cabef3d146e9a844813b6bc8952d6cf2e9d45e5 (patch)
tree	fdddc01f7d500cb78ddab42d887c5fb2d275eaa2 /usr.bin
parent	4f756295e0e3ac5a9c2b3a6a3bfda6e7a61a560f (diff)