This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

GNU C Library master sources branch master updated. glibc-2.25-153-g65eff7f

From: siddhesh at sourceware dot org
To: glibc-cvs at sourceware dot org
Date: 24 Mar 2017 05:38:58 -0000
Subject: GNU C Library master sources branch master updated. glibc-2.25-153-g65eff7f

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  65eff7fbdbddad8c1f9af7cb48cd3b5dca3c5c9d (commit)
      from  8d2030d659791184ecac8de9d6e1403b316a94c2 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=65eff7fbdbddad8c1f9af7cb48cd3b5dca3c5c9d

commit 65eff7fbdbddad8c1f9af7cb48cd3b5dca3c5c9d
Author: Sunyeop Lee <sunyeop97@gmail.com>
Date:   Fri Mar 24 11:08:28 2017 +0530

    Update old tunables framework document/script.
    
    Since commit 8b9e9c3c0bae497ad5e2d0ae2f333f62feddcc12, security_level replaces
    is_secure. There were some old files need to be updated.
    
    2017-03-23  Sunyeop Lee  <sunyeop97@gmail.com>
    
    	* README.tunables: Updated descriptions.
    	* elf/dl-tunables.list: Fixed typo: SXID_NONE -> NONE.
    	* scripts/gen-tunables.awk: Updated the code related to the commit.

diff --git a/ChangeLog b/ChangeLog
index 4ec8d83..205652b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2017-03-24  Sunyeop Lee  <sunyeop97@gmail.com>
+
+	* README.tunables: Updated descriptions.
+	* elf/dl-tunables.list: Fixed typo: SXID_NONE -> NONE.
+	* scripts/gen-tunables.awk: Updated the code related to the
+	commit.
+
 2017-03-23  Wilco Dijkstra  <wdijkstr@arm.com>
 
 	* benchtests/Makefile (string-benchset): Add memcpy-random.
diff --git a/README.tunables b/README.tunables
index df74f3b..aace2fc 100644
--- a/README.tunables
+++ b/README.tunables
@@ -58,13 +58,13 @@ The list of allowed attributes are:
 
 - env_alias:		An alias environment variable
 
-- is_secure:		Specify whether the tunable should be read for setuid
-			binaries.  True allows the tunable to be read for
-			setuid binaries while false disables it.  Note that
-			even if this is set as true and the value is read, it
-			may not be used if it does not validate against the
-			acceptable values or is not considered safe by the
-			module.
+- security_level:	Specify security level of the tunable.  Valid values:
+
+			SXID_ERASE: (default) Don't read for AT_SECURE binaries and
+				    removed so that child processes can't read it.
+			SXID_IGNORE: Don't read for AT_SECURE binaries, but retained for
+				     non-AT_SECURE subprocesses.
+			NONE: Read all the time.
 
 2. Call either the TUNABLE_SET_VALUE and pass into it the tunable name and a
    pointer to the variable that should be set with the tunable value.
diff --git a/elf/dl-tunables.list b/elf/dl-tunables.list
index cb9e8f1..b9f1488 100644
--- a/elf/dl-tunables.list
+++ b/elf/dl-tunables.list
@@ -27,7 +27,7 @@
 # 	     		 removed so that child processes can't read it.
 # 	     SXID_IGNORE: Don't read for AT_SECURE binaries, but retained for
 # 	     		  non-AT_SECURE subprocesses.
-# 	     SXID_NONE: Read all the time.
+# 	     NONE: Read all the time.
 
 glibc {
   malloc {
diff --git a/scripts/gen-tunables.awk b/scripts/gen-tunables.awk
index e7bfc22..601240a 100644
--- a/scripts/gen-tunables.awk
+++ b/scripts/gen-tunables.awk
@@ -51,8 +51,8 @@ $1 == "}" {
     if (!env_alias[top_ns][ns][tunable]) {
       env_alias[top_ns][ns][tunable] = "NULL"
     }
-    if (!is_secure[top_ns][ns][tunable]) {
-      is_secure[top_ns][ns][tunable] = "SXID_ERASE"
+    if (!security_level[top_ns][ns][tunable]) {
+      security_level[top_ns][ns][tunable] = "SXID_ERASE"
     }
 
     tunable = ""
@@ -104,12 +104,12 @@ $1 == "}" {
   }
   else if (attr == "security_level") {
     if (val == "SXID_ERASE" || val == "SXID_IGNORE" || val == "NONE") {
-      is_secure[top_ns][ns][tunable] = val
+      security_level[top_ns][ns][tunable] = val
     }
     else {
-      printf("Line %d: Invalid value (%s) for is_secure: %s, ", NR, val,
+      printf("Line %d: Invalid value (%s) for security_level: %s, ", NR, val,
 	     $0)
-      print("Allowed values are 'true' or 'false'")
+      print("Allowed values are 'SXID_ERASE', 'SXID_IGNORE', or 'NONE'")
       exit 1
     }
   }
@@ -148,7 +148,7 @@ END {
         printf ("  {TUNABLE_NAME_S(%s, %s, %s)", t, n, m)
         printf (", {TUNABLE_TYPE_%s, %s, %s}, {.numval = 0}, NULL, TUNABLE_SECLEVEL_%s, %s},\n",
 		types[t][n][m], minvals[t][n][m], maxvals[t][n][m],
-		is_secure[t][n][m], env_alias[t][n][m]);
+		security_level[t][n][m], env_alias[t][n][m]);
       }
     }
   }

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                |    7 +++++++
 README.tunables          |   14 +++++++-------
 elf/dl-tunables.list     |    2 +-
 scripts/gen-tunables.awk |   12 ++++++------
 4 files changed, 21 insertions(+), 14 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]