From patchwork Wed Nov 22 20:43:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 56414 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id CBABA389364C for ; Wed, 22 Nov 2023 20:43:54 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pf1-x430.google.com (mail-pf1-x430.google.com [IPv6:2607:f8b0:4864:20::430]) by sourceware.org (Postfix) with ESMTPS id 527FA3858422 for ; Wed, 22 Nov 2023 20:43:31 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 527FA3858422 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 527FA3858422 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::430 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1700685821; cv=none; b=jgB0YyvykwKuGMXM2zvHtnW2RNtn5L0wkm/Qy8YcFeU5Y7uUkSOaCTvRhsJE2Fsje6JSOnmSWJeBLj3pH/kVKJ22/kmA014hszU8p8O8xzQAu+mOvayeCFavlo5v7gGur3EeAS580dEaU+nEurCQ9VOr8op/Ic618894+M884zk= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1700685821; c=relaxed/simple; bh=+eywI8wm2ymzFGHHPGly9gO9Sye9hbp/WcWC5YubZHw=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=CliWZfcnHq2dEm+hB2ISxg+1LHTnhOw39vTkrm5z7tor7dtQKthRcXAZJIQ63w7iOlLbMp8AQOgNF3GOEViGNYhKDV9ee+Atd3nE4IA0YPYunLj/cl/Uu/i8u0Vt+95gt/UaT/vqe317lnEqYagPl7OxyG1qjJKAnInWkoJmXWI= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pf1-x430.google.com with SMTP id d2e1a72fcca58-6cbd24d9557so170110b3a.1 for ; Wed, 22 Nov 2023 12:43:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1700685810; x=1701290610; darn=sourceware.org; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=E18CNUehm4BkhYNQElachvwmSdC7gkmhlQWdqwWmj7I=; b=LxImCWq7IW00UJxsZKtxAxhR0+D8EFXbV28ICmBeJaUvD1ZFq3X52BNdVMcKoZuRBl Hhc1KckiwiIr1/AgNq2EmOz6UAlFZKqonYYla8OkIp+jvpI3K0GOVvOyTOExOqqQZHE9 cKl17vnSGtqQxyM7IfYK2YKu/eYC5tb2WFipYTPAGzsmER79/jQA5lGISVSXzc41zTrB LHjoK3ZMNE3w2c0ExhuZjY50+iPCIv8jp4iCt62RH2LZuFpOivTWZ0pMdyqswHUtILo4 r3a5fgXzD1Pqqv74dH1ZEbnunOQfS6IjCdQFPkfLdrQ9RBHyQRWRqmgREfWLMuT/wVgf NObA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700685810; x=1701290610; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=E18CNUehm4BkhYNQElachvwmSdC7gkmhlQWdqwWmj7I=; b=Ex6ovkldVsJY00Ne9KnmD82PROy0d2Lupdz7CPn8mz4/B1STNDWpKb8gJ15A1dcgqU cpRyI+hERO0E1X3X91IwFAg/GhO3ZfYRPVlXce3G5e7fK7oUFGHFqRaqgQyFoUMP/YmR UWK7wNeOHdZ4+kFdezxQ3Gsuo8ejgkbaD/o/dTddzcB5U/Ssm4ttN8HNcFFlSHW0NQEE 8qkejnd5bB9cEr3bscqCmXQ2YOecN0tB0JWwD9uR9QMHa2IZ8Cmt/VWRmzjMoVju10aj umgue52IEYgq8gOiP0/r7utKOoPQ7kV3YKnVipD9qZxHMAeCEHZhR6/LHpoH2SyMkaZU 26ZQ== X-Gm-Message-State: AOJu0YyEKUKbo936uSiyzKG2z0HgVkY1s9mpZ6g3dBu6aIX5wzLEJxiS lI+XEit6A3hdXkGZjyLSmaM6LwK/pJZ58tOadKneVA== X-Google-Smtp-Source: AGHT+IGYNsCps7V+xTI3EHEnOh4fooQQjj9Ci3TuvJCYGiafXNgbnt1Sd6e0KShVrUTMO6pcgVmADQ== X-Received: by 2002:a05:6a20:da8b:b0:187:a455:2758 with SMTP id iy11-20020a056a20da8b00b00187a4552758mr852989pzb.30.1700685809664; Wed, 22 Nov 2023 12:43:29 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c2:94e:ee04:b0d3:203c:7e3]) by smtp.gmail.com with ESMTPSA id ei45-20020a056a0080ed00b006cb6119f516sm138389pfb.163.2023.11.22.12.43.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 22 Nov 2023 12:43:28 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org, siddhesh@sourceware.org Subject: [PATCH v5 0/5] Improve loader environment variable handling Date: Wed, 22 Nov 2023 17:43:20 -0300 Message-Id: <20231122204325.4058222-1-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-Spam-Status: No, score=-6.4 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org The first patch removes the tunable_strdup and make the GLIBC_TUNABLE parsing in place (no more possible allocation failure). The parsing now tracks the tunable string start and its size. The dl-tunable-parse.h adds helper functions to help to parse, like an strcmp that also checks for size and an iterator for suboptions that are comma-separated (used on hwcap parsing by x86, powerpc, and s390x). The second and third patch make loader ignore all but just LD_PRELOAD and LD_AUDIT for setuid binaries. For both options, loader ensures that pathnames containing slashes are ignored and shared libraries are loaded only from the standard search directories and only if they have set-user-ID mode bit enabled. Changes from v4: * Improve tunables value handling, now warnings for invalid and out of range numbers. Changes from v3: * Fixed tunable_initialize for strong aliases (it used the key length, instead of the value length). * Added a assert on tunable_str_comma_init to ensure its value is non null. * Added LD_WARN and LD_VERBOSE to filtered environment variables. Changes from v2: * Extend tst-tunables with tunables aliases tests. * Use warning instead of an error to indicate invalid tunables. * Fixed tunable_initialize for string aliases. Changes from v1: * Ignore most of the environment variables on security-sensitive mode. * Extend tests. Adhemerval Zanella (5): elf: Do not duplicate the GLIBC_TUNABLES string elf: Do not set invalid tunables values elf: Ignore loader debug env vars for setuid elf: Ignore LD_BIND_NOW and LD_BIND_NOT for setuid binaries elf: Refactor process_envvars elf/dl-misc.c | 5 +- elf/dl-tunables.c | 123 +++++++------ elf/dl-tunables.h | 6 +- elf/rtld.c | 108 ++++++++---- elf/tst-env-setuid.c | 8 +- elf/tst-tunables.c | 96 +++++++++- sysdeps/generic/dl-tunables-parse.h | 134 ++++++++++++++ sysdeps/generic/unsecvars.h | 4 + sysdeps/s390/cpu-features.c | 165 +++++++----------- .../unix/sysv/linux/aarch64/cpu-features.c | 33 ++-- .../unix/sysv/linux/powerpc/cpu-features.c | 45 ++--- .../sysv/linux/powerpc/tst-hwcap-tunables.c | 6 +- sysdeps/x86/Makefile | 4 +- sysdeps/x86/cpu-tunables.c | 118 +++++-------- sysdeps/x86/tst-hwcap-tunables.c | 148 ++++++++++++++++ 15 files changed, 682 insertions(+), 321 deletions(-) create mode 100644 sysdeps/generic/dl-tunables-parse.h create mode 100644 sysdeps/x86/tst-hwcap-tunables.c