From patchwork Thu Oct 22 06:18:18 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Siddhesh Poyarekar X-Patchwork-Id: 40809 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 8D9EF384B806; Thu, 22 Oct 2020 06:18:57 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 8D9EF384B806 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1603347537; bh=e5VlWcLrwOye/Q1YG2mpqbuGZrOWDIqhSVydJn2H+GU=; h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:From; b=v7z8aqfIrz5NIDkyw/kDZi8QvXhKwvQMYaQ2I6BOBrhCNeAzNW+RahoUnx4YgLlKy kZGCkG11dcbHP3tQTYwpuHJtGmTij9Tkno6an0bgoOtg2aOXFEEao4nMq5vd7qGELR KZ7B/z/g3wR//lZXRUV3LftBe159iMvspdz/mdwo= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from camel.birch.relay.mailchannels.net (camel.birch.relay.mailchannels.net [23.83.209.29]) by sourceware.org (Postfix) with ESMTPS id D99323857805 for ; Thu, 22 Oct 2020 06:18:54 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org D99323857805 X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 345A621AD4 for ; Thu, 22 Oct 2020 06:18:53 +0000 (UTC) Received: from pdx1-sub0-mail-a95.g.dreamhost.com (100-96-12-57.trex.outbound.svc.cluster.local [100.96.12.57]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 915C7219C1 for ; Thu, 22 Oct 2020 06:18:50 +0000 (UTC) X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org Received: from pdx1-sub0-mail-a95.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:2500 (trex/5.18.10); Thu, 22 Oct 2020 06:18:53 +0000 X-MC-Relay: Neutral X-MailChannels-SenderId: dreamhost|x-authsender|siddhesh@gotplt.org X-MailChannels-Auth-Id: dreamhost X-Whistle-Trail: 123a84575d416a97_1603347530889_3311629912 X-MC-Loop-Signature: 1603347530889:3402345782 X-MC-Ingress-Time: 1603347530889 Received: from pdx1-sub0-mail-a95.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a95.g.dreamhost.com (Postfix) with ESMTP id A8017B69EF for ; Wed, 21 Oct 2020 23:18:48 -0700 (PDT) Received: from rhbox.redhat.com (unknown [123.252.202.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: siddhesh@gotplt.org) by pdx1-sub0-mail-a95.g.dreamhost.com (Postfix) with ESMTPSA id 9A6FCB69EE for ; Wed, 21 Oct 2020 23:18:46 -0700 (PDT) X-DH-BACKEND: pdx1-sub0-mail-a95 To: libc-alpha@sourceware.org Subject: [PATCH] Reword description of SXID_* tunable properties Date: Thu, 22 Oct 2020 11:48:18 +0530 Message-Id: <20201022061818.74951-1-siddhesh@sourceware.org> X-Mailer: git-send-email 2.26.2 MIME-Version: 1.0 X-Spam-Status: No, score=-10.4 required=5.0 tests=BAYES_00, GIT_PATCH_0, JMQ_SPF_NEUTRAL, KAM_DMARC_NONE, KAM_DMARC_STATUS, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NEUTRAL, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Siddhesh Poyarekar via Libc-alpha From: Siddhesh Poyarekar Reply-To: Siddhesh Poyarekar Errors-To: libc-alpha-bounces@sourceware.org Sender: "Libc-alpha" The SXID_* tunable properties only influence processes that are AT_SECURE, so make that a bit more explicit in the documentation and comment. Revisiting the code after a few years I managed to confuse myself, so I imagine there could be others who may have incorrectly assumed like I did that the SXID_ERASE tunables are not inherited by children of non-AT_SECURE processes. --- elf/dl-tunables.list | 11 ++++++----- manual/README.tunables | 11 ++++++----- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/elf/dl-tunables.list b/elf/dl-tunables.list index 35634ef24d..e1d8225128 100644 --- a/elf/dl-tunables.list +++ b/elf/dl-tunables.list @@ -21,12 +21,13 @@ # minval: Optional minimum acceptable value # maxval: Optional maximum acceptable value # env_alias: An alias environment variable -# security_level: Specify security level of the tunable. Valid values are: +# security_level: Specify security level of the tunable for AT_SECURE binaries. +# Valid values are: # -# SXID_ERASE: (default) Don't read for AT_SECURE binaries and -# removed so that child processes can't read it. -# SXID_IGNORE: Don't read for AT_SECURE binaries, but retained for -# non-AT_SECURE subprocesses. +# SXID_ERASE: (default) Do not read and do not pass on to +# child processes. +# SXID_IGNORE: Do not read, but retain for non-AT_SECURE +# subprocesses. # NONE: Read all the time. glibc { diff --git a/manual/README.tunables b/manual/README.tunables index fff6c2a87e..d8c768abcc 100644 --- a/manual/README.tunables +++ b/manual/README.tunables @@ -59,12 +59,13 @@ The list of allowed attributes are: - env_alias: An alias environment variable -- security_level: Specify security level of the tunable. Valid values: +- security_level: Specify security level of the tunable for AT_SECURE + binaries. Valid values are: - SXID_ERASE: (default) Don't read for AT_SECURE binaries and - removed so that child processes can't read it. - SXID_IGNORE: Don't read for AT_SECURE binaries, but retained for - non-AT_SECURE subprocesses. + SXID_ERASE: (default) Do not read and do not pass on to + child processes. + SXID_IGNORE: Do not read, but retain for non-AT_SECURE + child processes. NONE: Read all the time. 2. Use TUNABLE_GET/TUNABLE_SET/TUNABLE_SET_WITH_BOUNDS to get and set tunables.