From patchwork Mon Mar 22 04:32:35 2021
X-Patchwork-Submitter: Siddhesh Poyarekar
X-Patchwork-Id: 42731
From: Siddhesh Poyarekar
To: libc-alpha@sourceware.org
Subject: [PING][PATCH v2 0/4] tunables and setxid programs
Date: Mon, 22 Mar 2021 10:02:35 +0530
References: <20210316070755.330084-1-siddhesh@sourceware.org>
In-Reply-To: <20210316070755.330084-1-siddhesh@sourceware.org>
List-Id: Libc-alpha mailing list

On 3/16/21 12:37 PM, Siddhesh Poyarekar via Libc-alpha wrote:
> When parse_tunables tries to erase a tunable marked as SXID_ERASE for
> setuid programs, it ends up setting the envvar string iterator
> incorrectly, because of which it may parse the next tunable
> incorrectly.  Given that currently the implementation allows malformed
> and unrecognized tunables to pass through, it may even allow SXID_ERASE
> tunables to go through.
>
> This change revamps the SXID_ERASE implementation so that:
>
> - Only valid tunables are written back to the tunestr string, because
>   of which children of SXID programs will only inherit a clean list of
>   identified tunables that are not SXID_ERASE.
>
> - Unrecognized tunables get scrubbed off from the environment and
>   subsequently from the child environment.
>
> - This has the side-effect that a tunable that is not identified by
>   the setxid binary, will not be passed on to a non-setxid child even
>   if the child could have identified that tunable.  This may break
>   applications that expect this behaviour but expecting such tunables
>   to cross the SXID boundary is wrong.
>
> The setuid test for tunables has been bolstered to test different
> combinations of tunable values to ensure that the behaviour is now
> consistent.
>
> Siddhesh Poyarekar (4):
>   support: Add capability to fork an sgid child
>   tst-env-setuid: Use support_capture_subprogram_self_sgid
>   Enhance setuid-tunables test
>   Fix SXID_ERASE behavior in setuid programs (BZ #27471)
>
>  elf/Makefile                         |   2 -
>  elf/dl-tunables.c                    |  56 ++++----
>  elf/tst-env-setuid-tunables.c        | 118 +++++++++++++---
>  elf/tst-env-setuid.c                 | 197 ++------------------------
>  stdlib/tst-secure-getenv.c           | 199 +++------------------------
>  support/capture_subprocess.h         |   6 +
>  support/check.h                      |  12 ++
>  support/subprocess.h                 |   5 +
>  support/support_capture_subprocess.c | 114 +++++++++++++++
>  support/support_subprocess.c         |  13 ++
>  10 files changed, 304 insertions(+), 418 deletions(-)
>
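
The write-back policy described in the quoted cover letter, as an added C example that is not part of the original mail and is not glibc's dl-tunables.c code: only well-formed, recognized tunables that are not SXID_ERASE are copied back into the string, and the read cursor is advanced independently of the write cursor. The `known` table, its `sxid_erase` flags and the names `keep_entry` and `scrub_tunables` are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Assumed table for this example only; not glibc's generated tunable list. */
static const struct { const char *name; bool sxid_erase; } known[] = {
  { "glibc.malloc.check", true },
  { "glibc.malloc.mmap_threshold", false },
  { "glibc.malloc.tcache_count", false },
};

/* True only for a recognized tunable that is not marked SXID_ERASE. */
static bool keep_entry(const char *name, size_t len)
{
  for (size_t i = 0; i < sizeof known / sizeof known[0]; i++)
    if (strlen(known[i].name) == len && memcmp(known[i].name, name, len) == 0)
      return !known[i].sxid_erase;
  return false;                 /* unrecognized names are scrubbed */
}

/* Rewrite TUNESTR ("name=value:name=value") in place for a setxid process. */
char *scrub_tunables(char *tunestr)
{
  char *out = tunestr;          /* write cursor, never ahead of the read cursor */
  const char *p = tunestr;      /* read cursor */
  while (*p != '\0')
    {
      size_t len = strcspn(p, ":");
      /* Find the next entry before anything moves, so an erase cannot skew it. */
      const char *next = p + len + (p[len] == ':');
      const char *eq = memchr(p, '=', len);
      bool well_formed = eq != NULL && eq != p && eq + 1 != p + len;
      if (well_formed && keep_entry(p, (size_t) (eq - p)))
        {
          if (out != tunestr) *out++ = ':';
          memmove(out, p, len);
          out += len;
        }
      p = next;
    }
  *out = '\0';
  return tunestr;
}

int main(void)
{
  char env[] = "glibc.malloc.check=2:bogus:glibc.malloc.mmap_threshold=4096";
  return puts(scrub_tunables(env)) < 0;   /* constructed sample input */
}
```

The string a child process inherits is whatever remains after the rewrite, so an entry the setxid binary does not recognize never crosses the boundary.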