[04/11] elf: Add GLIBC_TUNABLES to unsecvars
Checks
Context |
Check |
Description |
redhat-pt-bot/TryBot-apply_patch |
success
|
Patch applied to master at the time it was sent
|
linaro-tcwg-bot/tcwg_glibc_build--master-arm |
success
|
Testing passed
|
linaro-tcwg-bot/tcwg_glibc_build--master-aarch64 |
success
|
Testing passed
|
linaro-tcwg-bot/tcwg_glibc_check--master-arm |
success
|
Testing passed
|
linaro-tcwg-bot/tcwg_glibc_check--master-aarch64 |
success
|
Testing passed
|
Commit Message
setuid/setgid process now ignores any glibc tunables, and filters out
all environment variables that might changes its behavior. This patch
also adds GLIBC_TUNABLES, so any spawned process by setuid/setgid
processes should set tunable explicitly.
Checked on x86_64-linux-gnu.
---
elf/tst-env-setuid-tunables.c | 11 +++--------
sysdeps/generic/unsecvars.h | 1 +
2 files changed, 4 insertions(+), 8 deletions(-)
Comments
* Adhemerval Zanella:
> setuid/setgid process now ignores any glibc tunables, and filters out
> all environment variables that might changes its behavior. This patch
> also adds GLIBC_TUNABLES, so any spawned process by setuid/setgid
> processes should set tunable explicitly.
This should be committed earlier, before the patch that removes
SXID_ERASE support.
Otherwise:
Reviewed-by: Florian Weimer <fweimer@redhat.com>
Thanks,
Florian
On 12/10/23 05:46, Florian Weimer wrote:
> * Adhemerval Zanella:
>
>> setuid/setgid process now ignores any glibc tunables, and filters out
>> all environment variables that might changes its behavior. This patch
>> also adds GLIBC_TUNABLES, so any spawned process by setuid/setgid
>> processes should set tunable explicitly.
>
> This should be committed earlier, before the patch that removes
> SXID_ERASE support.
>
> Otherwise:
>
> Reviewed-by: Florian Weimer <fweimer@redhat.com>
Do you mean move it before 'elf: Ignore GLIBC_TUNABLES for setuid/setgid binaries'
patch?
* Adhemerval Zanella Netto:
> On 12/10/23 05:46, Florian Weimer wrote:
>> * Adhemerval Zanella:
>>
>>> setuid/setgid process now ignores any glibc tunables, and filters out
>>> all environment variables that might changes its behavior. This patch
>>> also adds GLIBC_TUNABLES, so any spawned process by setuid/setgid
>>> processes should set tunable explicitly.
>>
>> This should be committed earlier, before the patch that removes
>> SXID_ERASE support.
>>
>> Otherwise:
>>
>> Reviewed-by: Florian Weimer <fweimer@redhat.com>
>
> Do you mean move it before 'elf: Ignore GLIBC_TUNABLES for
> setuid/setgid binaries' patch?
Yes, exactly.
Thanks,
Florian
On 13/10/23 11:11, Florian Weimer wrote:
> * Adhemerval Zanella Netto:
>
>> On 12/10/23 05:46, Florian Weimer wrote:
>>> * Adhemerval Zanella:
>>>
>>>> setuid/setgid process now ignores any glibc tunables, and filters out
>>>> all environment variables that might changes its behavior. This patch
>>>> also adds GLIBC_TUNABLES, so any spawned process by setuid/setgid
>>>> processes should set tunable explicitly.
>>>
>>> This should be committed earlier, before the patch that removes
>>> SXID_ERASE support.
>>>
>>> Otherwise:
>>>
>>> Reviewed-by: Florian Weimer <fweimer@redhat.com>
>>
>> Do you mean move it before 'elf: Ignore GLIBC_TUNABLES for
>> setuid/setgid binaries' patch?
>
> Yes, exactly.
Alright, I will change it.
@@ -64,15 +64,10 @@ test_child (int off)
printf (" [%d] GLIBC_TUNABLES is %s\n", off, val);
fflush (stdout);
- if (val == NULL)
- printf (" [%d] GLIBC_TUNABLES environment variable absent\n", off);
+ if (val != NULL)
+ printf (" [%d] Unexpected GLIBC_TUNABLES VALUE %s\n", off, val);
else
- {
- if (strcmp (val, teststrings[off]) != 0)
- printf (" [%d] Unexpected GLIBC_TUNABLES VALUE %s\n", off, val);
- else
- ret = 0;
- }
+ ret = 0;
fflush (stdout);
int32_t check = TUNABLE_GET_FULL (glibc, malloc, check, int32_t, NULL);
@@ -4,6 +4,7 @@
#define UNSECURE_ENVVARS \
"GCONV_PATH\0" \
"GETCONF_DIR\0" \
+ "GLIBC_TUNABLES\0" \
"HOSTALIASES\0" \
"LD_AUDIT\0" \
"LD_DEBUG\0" \