From patchwork Fri Mar 1 17:46:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Joe Simmons-Talbott X-Patchwork-Id: 86667 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id BF9433858429 for ; Fri, 1 Mar 2024 17:47:38 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by sourceware.org (Postfix) with ESMTPS id CA57B3858402 for ; Fri, 1 Mar 2024 17:47:03 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org CA57B3858402 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org CA57B3858402 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1709315225; cv=none; b=sGzvOEIvl/5gs4B/Nzkf+BBQr1jGA3e+8xLnuCJHtRImSJRs1yYYuJe3pbogiEYRID5X607do+Oa2B5MTr1Hc7BFsvC9NN3+UFW1rgSZz3Ig55sBQtAbzbxerrwqnbgna/6erlgWJgKNu0HOk8e9omm1QOP354N7CrUkOz5qIBc= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1709315225; c=relaxed/simple; bh=NX/7246Q7BxZCjhMXUryzdQoZDRYp/mYaUZw3jquUPg=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=iCpyXRBl/nbf4FMIOASDerN6juZ1GRKHbF/amHHLWfuyL+H+1JS4BrubGvtH1eUN/swGN+mgM+s+MbozzhY7ls9UxWOo7Aqac/WO4QTQAAom56r/FNo2aMTFnP0EpZVyzF6AQcKY88Bm+TmSuBZZk+z4xSOt0kvcZiFZUq7QN8c= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1709315223; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=xDN8l9PJer1QIdzzGSEIHJjuGK3cAR4QlKXo376f4YU=; b=KycIAm3RIDIVnfUBqhbghsmJ82wGoIDrZqAK8Fdz/i5x8Ccvv5Bi8vC4kXI1C2DupjGvpR vLfu3dhPTozSYrRNQgkfvAlZlsv7wENkxQsX1hybzjQ2Et2BXtn54obSEjUvsVRoHDfRVp wl1HnzytwXjhjppIsct/Ckajwu1UoZU= Received: from mail-qv1-f72.google.com (mail-qv1-f72.google.com [209.85.219.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-166-VtyamowyPo6awNVPdru6Uw-1; Fri, 01 Mar 2024 12:47:02 -0500 X-MC-Unique: VtyamowyPo6awNVPdru6Uw-1 Received: by mail-qv1-f72.google.com with SMTP id 6a1803df08f44-69009cbf840so23442706d6.3 for ; Fri, 01 Mar 2024 09:47:02 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709315221; x=1709920021; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=xDN8l9PJer1QIdzzGSEIHJjuGK3cAR4QlKXo376f4YU=; b=tpc7cFik35c4ssZBbV2h/dEXVW+s9ASpkL20eKHO+L/53SqEo92RqcIjNGgq8DrfLe yu6zj4aFG4Y+5sfFKWmcM0ZbpqIrL5cRzadCLWQ0LRejsqorpwWZbNjGgVOIr2NZPD+D 3qQUKGYSkF36gsydTtIDxZjXaMMw2DJ31Nsuy5u0uDVh8ZZLq6twuonu6rB22klcXz+q bZpJqNSicKf5Ig3TXYWOm46vNLTaQHmxcpnUPaRGqs4nDuaQtggbUZYJoQhbteshC/ZA oXkIvJQ++gWO0GfYxq4zjSlyg8VBwyvA/MwrBbvFYDt6VszVep8SDRkP1N9pXHXrMyo9 CTSg== X-Gm-Message-State: AOJu0YzrcM2hEMuePvSYKGke6t1uTZzFvwKeuSjfM9nCRIAMP6zbmIBu uj1i3tZgHCIGbi3wpg7uMcpfMR/utWQkKpxETsOuywNQQwPRD9cYPVG39ZcRLSCGUC+tnL+lTKw 5c1+y0R2bLOQndGgAlgQZqTfMcUq5EkSPVkftc0yOvGVongv7oJNv7Q5bZO/FVe6uVQJy9lP90W TSVKb3ss6jy5x9laNvwFGTyVdVWsLTcaTjQtShpRaAjA== X-Received: by 2002:ad4:42ac:0:b0:68f:f701:e357 with SMTP id e12-20020ad442ac000000b0068ff701e357mr2738036qvr.12.1709315221694; Fri, 01 Mar 2024 09:47:01 -0800 (PST) X-Google-Smtp-Source: AGHT+IEbdkQ6IHA4tLMgLlgeCsHWpcEfTe8PJPgNdtBh5CXRWXtQCPhi6N+NHG2AkDuYHftONP2YRA== X-Received: by 2002:ad4:42ac:0:b0:68f:f701:e357 with SMTP id e12-20020ad442ac000000b0068ff701e357mr2738016qvr.12.1709315221300; Fri, 01 Mar 2024 09:47:01 -0800 (PST) Received: from oak.redhat.com (c-71-206-142-238.hsd1.va.comcast.net. [71.206.142.238]) by smtp.gmail.com with ESMTPSA id on7-20020a056214448700b0068f9b20fb0bsm2061286qvb.100.2024.03.01.09.47.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 01 Mar 2024 09:47:00 -0800 (PST) From: Joe Simmons-Talbott To: libc-alpha@sourceware.org Cc: Joe Talbott Subject: [committed] manual/tunables - Add entry for enable_secure tunable. Date: Fri, 1 Mar 2024 12:46:56 -0500 Message-ID: <20240301174659.2012703-1-josimmon@redhat.com> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-Spam-Status: No, score=-12.7 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org From: Joe Talbott --- manual/tunables.texi | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/manual/tunables.texi b/manual/tunables.texi index be97190d67..4a7d04dc0d 100644 --- a/manual/tunables.texi +++ b/manual/tunables.texi @@ -345,6 +345,16 @@ performance issues of @samp{1}. The default value of this tunable is @samp{2}. @end deftp +@deftp Tunable glibc.rtld.enable_secure +Used to run a program as if it were a setuid process. The only valid value +is @samp{1} as this tunable can only be used to set and not unset +@code{enable_secure}. Setting this tunable to @samp{1} also disables all other +tunables. This tunable is intended to facilitate more extensive verification +tests for @code{AT_SECURE} programs and not meant to be a security feature. + +The default value of this tunable is @samp{0}. +@end deftp + @node Elision Tunables @section Elision Tunables @cindex elision tunables