[v3,01/19] elf: Remove /etc/suid-debug support
Checks
Context |
Check |
Description |
redhat-pt-bot/TryBot-apply_patch |
success
|
Patch applied to master at the time it was sent
|
Commit Message
Since malloc debug support moved to a different library
(libc_malloc_debug.so), the glibc.malloc.check requires preloading the
debug library to enable it. It means that suid-debug support has not
been working since 2.34.
To restore its support, it would require to add additional information
and parsing to where to find libc_malloc_debug.so.
It is one thing less that might change AT_SECURE binaries' behavior
due to environment configurations.
Checked on x86_64-linux-gnu.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
---
elf/dl-tunables.c | 16 ----------------
elf/rtld.c | 3 +--
manual/memory.texi | 4 +---
manual/tunables.texi | 4 +---
4 files changed, 3 insertions(+), 24 deletions(-)
@@ -252,20 +252,6 @@ parse_tunables (char *tunestr, char *valstring)
tunestr[off] = '\0';
}
-/* Enable the glibc.malloc.check tunable in SETUID/SETGID programs only when
- the system administrator has created the /etc/suid-debug file. This is a
- special case where we want to conditionally enable/disable a tunable even
- for setuid binaries. We use the special version of access() to avoid
- setting ERRNO, which is a TLS variable since TLS has not yet been set
- up. */
-static __always_inline void
-maybe_enable_malloc_check (void)
-{
- tunable_id_t id = TUNABLE_ENUM_NAME (glibc, malloc, check);
- if (__libc_enable_secure && __access_noerrno ("/etc/suid-debug", F_OK) == 0)
- tunable_list[id].security_level = TUNABLE_SECLEVEL_NONE;
-}
-
/* Initialize the tunables list from the environment. For now we only use the
ENV_ALIAS to find values. Later we will also use the tunable names to find
values. */
@@ -277,8 +263,6 @@ __tunables_init (char **envp)
size_t len = 0;
char **prev_envp = envp;
- maybe_enable_malloc_check ();
-
while ((envp = get_next_env (envp, &envname, &len, &envval,
&prev_envp)) != NULL)
{
@@ -2670,8 +2670,7 @@ process_envvars (struct dl_main_state *state)
}
while (*nextp != '\0');
- if (__access ("/etc/suid-debug", F_OK) != 0)
- GLRO(dl_debug_mask) = 0;
+ GLRO(dl_debug_mask) = 0;
if (state->mode != rtld_mode_normal)
_exit (5);
@@ -1379,9 +1379,7 @@ There is one problem with @code{MALLOC_CHECK_}: in SUID or SGID binaries
it could possibly be exploited since diverging from the normal programs
behavior it now writes something to the standard error descriptor.
Therefore the use of @code{MALLOC_CHECK_} is disabled by default for
-SUID and SGID binaries. It can be enabled again by the system
-administrator by adding a file @file{/etc/suid-debug} (the content is
-not important it could be empty).
+SUID and SGID binaries.
So, what's the difference between using @code{MALLOC_CHECK_} and linking
with @samp{-lmcheck}? @code{MALLOC_CHECK_} is orthogonal with respect to
@@ -136,9 +136,7 @@ termination of the process.
Like @env{MALLOC_CHECK_}, @code{glibc.malloc.check} has a problem in that it
diverges from normal program behavior by writing to @code{stderr}, which could
by exploited in SUID and SGID binaries. Therefore, @code{glibc.malloc.check}
-is disabled by default for SUID and SGID binaries. This can be enabled again
-by the system administrator by adding a file @file{/etc/suid-debug}; the
-content of the file could be anything or even empty.
+is disabled by default for SUID and SGID binaries.
@end deftp
@deftp Tunable glibc.malloc.top_pad