From patchwork Wed Nov 22 12:35:57 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella X-Patchwork-Id: 56413 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 10F4E3857B98 for ; Wed, 22 Nov 2023 12:36:22 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x629.google.com (mail-pl1-x629.google.com [IPv6:2607:f8b0:4864:20::629]) by sourceware.org (Postfix) with ESMTPS id F08843858C35 for ; Wed, 22 Nov 2023 12:36:07 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org F08843858C35 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org F08843858C35 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::629 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1700656569; cv=none; b=a1NhNT7M4txh7bWvc4nwqIqyARI2+ttCpAbUM4cPD9lD+cwee8J2xcuW/4XWsON50HDEZIkwY3T3FdbRkMzJAyc5FoSLBeNEbxJiP++nK8gdzL2XLhnIB3Kq3U11hAk8yY2lp9U5007dkV8Fy4EP9+qFpwocJSd4LvLSnHRix9Y= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1700656569; c=relaxed/simple; bh=B959b6igVl5vISZvHHFJmLfhQApLNQu2xJ2apGu02aQ=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=k6taOB6IRyV2sZu2R01Ekx/TLkgsIz1V42jKZXU4IpPPLpEwUArcWxpMiey6G+Jz2sHxywG+N388xMZ1QFrwkrIGdGHs8qNrXFlDnuBurDup5DQTicgZMZKyDxNrA+mIb0rgnuJe7ObMp92cMVdJokwnlKCoVvBEDZ85WlPEeSU= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pl1-x629.google.com with SMTP id d9443c01a7336-1cf6a67e290so22456365ad.1 for ; Wed, 22 Nov 2023 04:36:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1700656566; x=1701261366; darn=sourceware.org; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=UPYdDhCReUTvTrEDwUjrnJjuiTBcErBN/v70sVAoE5I=; b=EbZazn/mbLYi4YHTBZArmTE1UnoNgzs7Ol3rFJBW7gjUWPi3Yud8fDOmMxpUZAMTh1 2qeFSwRKHcfoitF7zqQw9X2iNiq1Ep68Nf/jbkqfP5g50sP4/FhERq3LIHfhJ8eRVnYW V8xyJDTwoRYAIYfp2t46xv/m9yHGYWBDvgwcvQwzkVbwsStnG+u+JpFAXmtd/0hFpI+M LjVMW1enNoedrnH5xf0AN4JAOBAE2rVgmDBozrre3aZqcavzrI/lqD8I/JMy5xZQ+yww BRTha42QmZ7uaqhwYSGI01o3E7zd51TVuvuP/ctFFrzyuRmhysUEV2dynwisEiVCw1U8 f7uQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700656566; x=1701261366; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=UPYdDhCReUTvTrEDwUjrnJjuiTBcErBN/v70sVAoE5I=; b=UIEoF21Mzswo5A566k94s7kYQwO+FTc+jg1NroBJs857gvtjqRILLPSgV+8WDjh7PE /I7uuWaZgC/nOhGGP4m0R1IoR9N852GPWvHoc4efjtGY1uKp4p6rX7HIThcdxqx8nu9c jncxAfYNqQOtnzH/BDdHgEagDqikr3gwQZzTkEynseLyMe0/Lw9cWY45BRzV1a7hortG +8xQ6FhSQu+cwSI+lzV7MnXX1nSx9N6d5d6y+hqsCPOdeVVfwQ2qS2UqR+oHTktVLWHN apZlt59ztPXIfHg9VeClFxcaDqI8PaDwfBu/twGzUgZ3xLa/s9W/Scr44tKg2RyLzKpk am3A== X-Gm-Message-State: AOJu0Yw8Wmr5znEGmSn5YhrSwEXYMkQcSGGtMg0MnOIBNZmVKfBpZpB6 MgiQHg/WcKXMS7oSK2U6HHCfX6gm8xiPqNB8BKseuA== X-Google-Smtp-Source: AGHT+IF9jZQgSbxGWRfoKUvCP3tURPkGA4Br3tAKWYixCtl7eEK9kXLkVH+JYg5OJozC8vWuj/QW7g== X-Received: by 2002:a17:902:dad1:b0:1cc:c857:14a0 with SMTP id q17-20020a170902dad100b001ccc85714a0mr2157522plx.3.1700656566115; Wed, 22 Nov 2023 04:36:06 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c2:94e:ee04:b0d3:203c:7e3]) by smtp.gmail.com with ESMTPSA id a4-20020a170902ee8400b001c9d011581dsm9736021pld.164.2023.11.22.04.36.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 22 Nov 2023 04:36:05 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org, siddhesh@sourceware.org Subject: [PATCH v4 0/4] Improve loader environment variable handling Date: Wed, 22 Nov 2023 09:35:57 -0300 Message-Id: <20231122123601.603315-1-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-Spam-Status: No, score=-3.2 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org The first patch removes the tunable_strdup and make the GLIBC_TUNABLE parsing in place (no more possible allocation failure). The parsing now tracks the tunable string start and its size. The dl-tunable-parse.h adds helper functions to help to parse, like an strcmp that also checks for size and an iterator for suboptions that are comma-separated (used on hwcap parsing by x86, powerpc, and s390x). The second and third patch make loader ignore all but just LD_PRELOAD and LD_AUDIT for setuid binaries. For both options, loader ensures that pathnames containing slashes are ignored and shared libraries are loaded only from the standard search directories and only if they have set-user-ID mode bit enabled. Changes from v3: * Fixed tunable_initialize for strong aliases (it used the key length, instead of the value length). * Added a assert on tunable_str_comma_init to ensure its value is non null. * Added LD_WARN and LD_VERBOSE to filtered environment variables. Changes from v2: * Extend tst-tunables with tunables aliases tests. * Use warning instead of an error to indicate invalid tunables. * Fixed tunable_initialize for string aliases. Changes from v1: * Ignore most of the environment variables on security-sensitive mode. * Extend tests. Adhemerval Zanella (4): elf: Do not duplicate the GLIBC_TUNABLES string elf: Ignore loader debug env vars for setuid elf: Ignore LD_BIND_NOW and LD_BIND_NOT for setuid binaries elf: Refactor process_envvars elf/dl-tunables.c | 90 +++++----- elf/dl-tunables.h | 6 +- elf/rtld.c | 108 ++++++++---- elf/tst-env-setuid.c | 8 +- elf/tst-tunables.c | 66 ++++++- sysdeps/generic/dl-tunables-parse.h | 134 ++++++++++++++ sysdeps/generic/unsecvars.h | 4 + sysdeps/s390/cpu-features.c | 165 +++++++----------- .../unix/sysv/linux/aarch64/cpu-features.c | 33 ++-- .../unix/sysv/linux/powerpc/cpu-features.c | 45 ++--- .../sysv/linux/powerpc/tst-hwcap-tunables.c | 6 +- sysdeps/x86/Makefile | 4 +- sysdeps/x86/cpu-tunables.c | 118 +++++-------- sysdeps/x86/tst-hwcap-tunables.c | 148 ++++++++++++++++ 14 files changed, 619 insertions(+), 316 deletions(-) create mode 100644 sysdeps/generic/dl-tunables-parse.h create mode 100644 sysdeps/x86/tst-hwcap-tunables.c