[v4,0/4] Improve loader environment variable handling

Message ID 20231122123601.603315-1-adhemerval.zanella@linaro.org
Series: Improve loader environment variable handling


Adhemerval Zanella Netto Nov. 22, 2023, 12:35 p.m. UTC
  The first patch removes the tunable_strdup and makes the GLIBC_TUNABLE
parsing in place (no more possible allocation failure).  The parsing now
tracks the tunable string start and its size.  The dl-tunable-parse.h
adds helper functions to help with parsing, like a strcmp that also checks
for size and an iterator for suboptions that are comma-separated
(used on hwcap parsing by x86, powerpc, and s390x).

The second and third patches make the loader ignore all but
LD_PRELOAD and LD_AUDIT for setuid binaries.  For both options, the loader
ensures that pathnames containing slashes are ignored and shared
libraries are loaded only from the standard search directories and only
if they have the set-user-ID mode bit enabled.

Changes from v3:
* Fixed tunable_initialize for strong aliases (it used the key length,
  instead of the value length).
* Added an assert on tunable_str_comma_init to ensure its value is non
* Added LD_WARN and LD_VERBOSE to filtered environment variables.

Changes from v2:
* Extend tst-tunables with tunables aliases tests.
* Use warning instead of an error to indicate invalid tunables.
* Fixed tunable_initialize for string aliases.

Changes from v1:
* Ignore most of the environment variables on security-sensitive mode.
* Extend tests.

Adhemerval Zanella (4):
  elf: Do not duplicate the GLIBC_TUNABLES string
  elf: Ignore loader debug env vars for setuid
  elf: Ignore LD_BIND_NOW and LD_BIND_NOT for setuid binaries
  elf: Refactor process_envvars

 elf/dl-tunables.c                             |  90 +++++-----
 elf/dl-tunables.h                             |   6 +-
 elf/rtld.c                                    | 108 ++++++++----
 elf/tst-env-setuid.c                          |   8 +-
 elf/tst-tunables.c                            |  66 ++++++-
 sysdeps/generic/dl-tunables-parse.h           | 134 ++++++++++++++
 sysdeps/generic/unsecvars.h                   |   4 +
 sysdeps/s390/cpu-features.c                   | 165 +++++++-----------
 .../unix/sysv/linux/aarch64/cpu-features.c    |  33 ++--
 .../unix/sysv/linux/powerpc/cpu-features.c    |  45 ++---
 .../sysv/linux/powerpc/tst-hwcap-tunables.c   |   6 +-
 sysdeps/x86/Makefile                          |   4 +-
 sysdeps/x86/cpu-tunables.c                    | 118 +++++--------
 sysdeps/x86/tst-hwcap-tunables.c              | 148 ++++++++++++++++
 14 files changed, 619 insertions(+), 316 deletions(-)
 create mode 100644 sysdeps/generic/dl-tunables-parse.h
 create mode 100644 sysdeps/x86/tst-hwcap-tunables.c
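
The in-place parsing the cover letter describes (a token tracked as start plus size, a compare that also checks the size, and a comma iterator over suboptions) is shown below as an added example; it is not code from this series or from glibc. The names struct span, span_equals, comma_next and count_matches are hypothetical, and the input string in main is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical type: a token inside the caller's string, never copied.  */
struct span { const char *str; size_t len; };

/* Size-checking compare: true only when the span is exactly NAME, so a
   span that is merely a prefix of NAME (or the reverse) does not match.  */
static bool span_equals (struct span s, const char *name)
{
  return strlen (name) == s.len && memcmp (s.str, name, s.len) == 0;
}

/* Iterator state over the comma-separated suboptions of one value.  */
struct comma_iter { const char *p; const char *end; };

/* Store the next suboption in *OUT; return false once exhausted.  */
static bool comma_next (struct comma_iter *it, struct span *out)
{
  if (it->p == NULL)
    return false;
  const char *c = memchr (it->p, ',', (size_t) (it->end - it->p));
  out->str = it->p;
  out->len = (size_t) ((c != NULL ? c : it->end) - it->p);
  it->p = c != NULL ? c + 1 : NULL;
  return true;
}

/* Count the suboptions in the first LEN bytes of VALUE equal to NAME.
   VALUE need not be NUL-terminated at LEN; nothing is allocated.  */
static int count_matches (const char *value, size_t len, const char *name)
{
  struct comma_iter it = { value, value != NULL ? value + len : NULL };
  struct span tok;
  int n = 0;
  while (comma_next (&it, &tok))
    n += span_equals (tok, name);
  return n;
}

int main (void)
{
  /* Constructed input: two tunables in one string; scan the first value.  */
  const char *env = "x.y=feat_a,-feat_b,feat_a2:x.z=feat_a";
  const char *val = strchr (env, '=') + 1;
  return count_matches (val, strcspn (val, ":"), "feat_a") == 1 ? 0 : 1;
}
```

Because every token is a pointer and a length into the original environment string, there is no allocation that can fail during early startup, and "feat_a2" is not mistaken for "feat_a".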