[2.24] Drop GLIBC_TUNABLES in setxid processes
Commit Message
Drop the GLIBC_TUNABLES environment variable from the environment of
setxid processes to avoid passing it on to non-setxid children. This
prevents potentially insecure tunables in the GLIBC_TUNABLES envvar
from crossing over into a child that may use a libc that has tunables
support.
Tested on x86_64. If this has an ack, I'll backport it to 2.23
and 2.22. Distro maintainers please feel free to backport it further
down if needed.
Siddhesh
* sysdeps/generic/unsecvars.h: Add GLIBC_TUNABLES.
---
sysdeps/generic/unsecvars.h | 1 +
1 file changed, 1 insertion(+)
Comments
I've pushed this because it is now essentially just a backport of 2/2 of
the tunables environment variable fixes.
Siddhesh
On Sunday 29 January 2017 11:41 PM, Siddhesh Poyarekar wrote:
> Drop the GLIBC_TUNABLES environment variable from the environment of
> setxid processes to avoid passing it on to non-setxid children. This
> prevents potentially insecure tunables in the GLIBC_TUNABLES envvar
> from crossing over into a child that may use a libc that has tunables
> support.
>
> Tested on x86_64. If this has an ack, I'll backport it to 2.23
> and 2.22. Distro maintainers please feel free to backport it further
> down if needed.
>
> Siddhesh
>
> * sysdeps/generic/unsecvars.h: Add GLIBC_TUNABLES.
> ---
> sysdeps/generic/unsecvars.h | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h
> index d5b8119..3e56538 100644
> --- a/sysdeps/generic/unsecvars.h
> +++ b/sysdeps/generic/unsecvars.h
> @@ -4,6 +4,7 @@
> #define UNSECURE_ENVVARS \
> "GCONV_PATH\0" \
> "GETCONF_DIR\0" \
> + "GLIBC_TUNABLES\0" \
> "HOSTALIASES\0" \
> "LD_AUDIT\0" \
> "LD_DEBUG\0" \
>
@@ -4,6 +4,7 @@
#define UNSECURE_ENVVARS \
"GCONV_PATH\0" \
"GETCONF_DIR\0" \
+ "GLIBC_TUNABLES\0" \
"HOSTALIASES\0" \
"LD_AUDIT\0" \
"LD_DEBUG\0" \