diff mbox series

[v2,02/19] elf: Add GLIBC_TUNABLES to unsecvars

Message ID	20231017130526.2216827-3-adhemerval.zanella@linaro.org
State	Superseded
Delegated to:	Siddhesh Poyarekar
Headers	DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 796023858D38 From: Adhemerval Zanella <adhemerval.zanella@linaro.org> To: libc-alpha@sourceware.org, Siddhesh Poyarekar <siddhesh@sourceware.org> Cc: Florian Weimer <fweimer@redhat.com> Subject: [PATCH v2 02/19] elf: Add GLIBC_TUNABLES to unsecvars Date: Tue, 17 Oct 2023 10:05:09 -0300 Message-Id: <20231017130526.2216827-3-adhemerval.zanella@linaro.org> In-Reply-To: <20231017130526.2216827-1-adhemerval.zanella@linaro.org> References: <20231017130526.2216827-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org
Series	Improve loader environment variable handling \| [v2,00/19] Improve loader environment variable handling [v2,01/19] elf: Remove /etc/suid-debug support [v2,02/19] elf: Add GLIBC_TUNABLES to unsecvars [v2,03/19] elf: Ignore GLIBC_TUNABLES for setuid/setgid binaries [v2,04/19] elf: Add all malloc tunable to unsecvars [v2,05/19] elf: Do not process invalid tunable format [v2,06/19] elf: Do not parse ill-formatted strings [v2,07/19] elf: Fix _dl_debug_vdprintf to work before self-relocation [v2,08/19] elf: Emit warning if tunable is ill-formatted [v2,09/19] x86: Use dl-symbol-redir-ifunc.h on cpu-tunables [v2,10/19] s390: Use dl-symbol-redir-ifunc.h on cpu-tunables [v2,11/19] elf: Do not duplicate the GLIBC_TUNABLES string [v2,12/19] elf: Ignore LD_PROFILE for setuid binaries [v2,13/19] elf: Remove LD_PROFILE for static binaries [v2,14/19] elf: Ignore loader debug env vars for setuid [v2,15/19] elf: Remove any_debug from dl_main_state [v2,16/19] elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static [v2,17/19] elf: Add comments on how LD_AUDIT and LD_PRELOAD handle __libc_enable_secure [v2,18/19] elf: Ignore LD_BIND_NOW and LD_BIND_NOT for setuid binaries [v2,19/19] elf: Refactor process_envvars

Checks

Context	Check	Description
redhat-pt-bot/TryBot-apply_patch	success	Patch applied to master at the time it was sent
linaro-tcwg-bot/tcwg_glibc_build--master-arm	success	Testing passed

Commit Message

Adhemerval Zanella Netto Oct. 17, 2023, 1:05 p.m. UTC

  setuid/setgid process now ignores any glibc tunables, and filters out
all environment variables that might changes its behavior. This patch
also adds GLIBC_TUNABLES, so any spawned process by setuid/setgid
processes should set tunable explicitly.

Checked on x86_64-linux-gnu.

Reviewed-by: Florian Weimer <fweimer@redhat.com>
---
 elf/tst-env-setuid-tunables.c | 32 ++++----------------------------
 sysdeps/generic/unsecvars.h   |  1 +
 2 files changed, 5 insertions(+), 28 deletions(-)

Comments

Siddhesh Poyarekar Oct. 18, 2023, 12:52 p.m. UTC | #1

On 2023-10-17 09:05, Adhemerval Zanella wrote:
> setuid/setgid process now ignores any glibc tunables, and filters out
> all environment variables that might changes its behavior. This patch
> also adds GLIBC_TUNABLES, so any spawned process by setuid/setgid
> processes should set tunable explicitly.
> 
> Checked on x86_64-linux-gnu.
> 
> Reviewed-by: Florian Weimer <fweimer@redhat.com>

Also.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

> ---
>   elf/tst-env-setuid-tunables.c | 32 ++++----------------------------
>   sysdeps/generic/unsecvars.h   |  1 +
>   2 files changed, 5 insertions(+), 28 deletions(-)
> 
> diff --git a/elf/tst-env-setuid-tunables.c b/elf/tst-env-setuid-tunables.c
> index f0b92c97e7..2603007b7b 100644
> --- a/elf/tst-env-setuid-tunables.c
> +++ b/elf/tst-env-setuid-tunables.c
> @@ -60,45 +60,21 @@ const char *teststrings[] =
>     "glibc.not_valid.check=2",
>   };
>   
> -const char *resultstrings[] =
> -{
> -  "glibc.malloc.mmap_threshold=4096",
> -  "glibc.malloc.mmap_threshold=4096",
> -  "glibc.malloc.mmap_threshold=4096",
> -  "glibc.malloc.perturb=0x800",
> -  "glibc.malloc.perturb=0x800:glibc.malloc.mmap_threshold=4096",
> -  "glibc.malloc.perturb=0x800:glibc.malloc.mmap_threshold=4096",
> -  "glibc.malloc.mmap_threshold=4096",
> -  "glibc.malloc.mmap_threshold=4096",
> -  "glibc.malloc.mmap_threshold=glibc.malloc.mmap_threshold=4096",
> -  "",
> -  "",
> -  "",
> -  "",
> -  "",
> -  "",
> -  "",
> -};
> -
>   static int
>   test_child (int off)
>   {
>     const char *val = getenv ("GLIBC_TUNABLES");
> +  int ret = 1;
>   
>     printf ("    [%d] GLIBC_TUNABLES is %s\n", off, val);
>     fflush (stdout);
> -  if (val != NULL && strcmp (val, resultstrings[off]) == 0)
> -    return 0;
> -
>     if (val != NULL)
> -    printf ("    [%d] Unexpected GLIBC_TUNABLES VALUE %s, expected %s\n",
> -	    off, val, resultstrings[off]);
> +    printf ("    [%d] Unexpected GLIBC_TUNABLES VALUE %s\n", off, val);
>     else
> -    printf ("    [%d] GLIBC_TUNABLES environment variable absent\n", off);
> -
> +    ret = 0;
>     fflush (stdout);
>   
> -  return 1;
> +  return ret;
>   }
>   
>   static int
> diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h
> index 8278c50a84..81397fb90b 100644
> --- a/sysdeps/generic/unsecvars.h
> +++ b/sysdeps/generic/unsecvars.h
> @@ -4,6 +4,7 @@
>   #define UNSECURE_ENVVARS \
>     "GCONV_PATH\0"							      \
>     "GETCONF_DIR\0"							      \
> +  "GLIBC_TUNABLES\0"							      \
>     "HOSTALIASES\0"							      \
>     "LD_AUDIT\0"								      \
>     "LD_DEBUG\0"								      \

diff mbox series

Patch

diff --git a/elf/tst-env-setuid-tunables.c b/elf/tst-env-setuid-tunables.c
index f0b92c97e7..2603007b7b 100644
--- a/elf/tst-env-setuid-tunables.c
+++ b/elf/tst-env-setuid-tunables.c
@@ -60,45 +60,21 @@  const char *teststrings[] =
   "glibc.not_valid.check=2",
 };
 
-const char *resultstrings[] =
-{
-  "glibc.malloc.mmap_threshold=4096",
-  "glibc.malloc.mmap_threshold=4096",
-  "glibc.malloc.mmap_threshold=4096",
-  "glibc.malloc.perturb=0x800",
-  "glibc.malloc.perturb=0x800:glibc.malloc.mmap_threshold=4096",
-  "glibc.malloc.perturb=0x800:glibc.malloc.mmap_threshold=4096",
-  "glibc.malloc.mmap_threshold=4096",
-  "glibc.malloc.mmap_threshold=4096",
-  "glibc.malloc.mmap_threshold=glibc.malloc.mmap_threshold=4096",
-  "",
-  "",
-  "",
-  "",
-  "",
-  "",
-  "",
-};
-
 static int
 test_child (int off)
 {
   const char *val = getenv ("GLIBC_TUNABLES");
+  int ret = 1;
 
   printf ("    [%d] GLIBC_TUNABLES is %s\n", off, val);
   fflush (stdout);
-  if (val != NULL && strcmp (val, resultstrings[off]) == 0)
-    return 0;
-
   if (val != NULL)
-    printf ("    [%d] Unexpected GLIBC_TUNABLES VALUE %s, expected %s\n",
-	    off, val, resultstrings[off]);
+    printf ("    [%d] Unexpected GLIBC_TUNABLES VALUE %s\n", off, val);
   else
-    printf ("    [%d] GLIBC_TUNABLES environment variable absent\n", off);
-
+    ret = 0;
   fflush (stdout);
 
-  return 1;
+  return ret;
 }
 
 static int
diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h
index 8278c50a84..81397fb90b 100644
--- a/sysdeps/generic/unsecvars.h
+++ b/sysdeps/generic/unsecvars.h
@@ -4,6 +4,7 @@ 
 #define UNSECURE_ENVVARS \
   "GCONV_PATH\0"							      \
   "GETCONF_DIR\0"							      \
+  "GLIBC_TUNABLES\0"							      \
   "HOSTALIASES\0"							      \
   "LD_AUDIT\0"								      \
   "LD_DEBUG\0"								      \