From 1ba73c77e55b53006fd59164a10e8fc2af1a12d1 Mon Sep 17 00:00:00 2001
From: Xin LI <d@delphij.net>
Date: Fri, 2 Dec 2011 11:00:32 -0800
Subject: [PATCH 4/4] Enforce the permission check when the calling process is
 tainted.

---
 lib/libc/gen/dlopen.3   |    5 +++++
 libexec/rtld-elf/rtld.c |    2 +-
 2 files changed, 6 insertions(+), 1 deletions(-)

diff --git a/lib/libc/gen/dlopen.3 b/lib/libc/gen/dlopen.3
index 2173a11..e49de20 100644
--- a/lib/libc/gen/dlopen.3
+++ b/lib/libc/gen/dlopen.3
@@ -164,6 +164,11 @@ argument:
 .It Dv RTLD_PARANOID
 Only allow shared objects owned by root and is not writable by group
 or others be loaded.
+This behavior is enforced by default when the calling process is
+.Dq tainted .
+See
+.Xr issetugid 2
+for details.
 .El
 .Pp
 If
diff --git a/libexec/rtld-elf/rtld.c b/libexec/rtld-elf/rtld.c
index 9302df7..6b52a2f 100644
--- a/libexec/rtld-elf/rtld.c
+++ b/libexec/rtld-elf/rtld.c
@@ -2173,7 +2173,7 @@ dlopen(const char *name, int mode)
 	    lo_flags |= RTLD_LO_NOLOAD;
     if (ld_tracing != NULL)
 	    lo_flags |= RTLD_LO_TRACE;
-    if (mode & RTLD_PARANOID)
+    if (mode & RTLD_PARANOID || issetugid())
 	    lo_flags |= RTLD_LO_PARANOID;
 
     return (dlopen_object(name, obj_main, lo_flags,
-- 
1.7.7.2