This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.
GNU C Library master sources branch master updated. glibc-2.25-153-g65eff7f
- From: siddhesh at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 24 Mar 2017 05:38:58 -0000
- Subject: GNU C Library master sources branch master updated. glibc-2.25-153-g65eff7f
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via 65eff7fbdbddad8c1f9af7cb48cd3b5dca3c5c9d (commit)
from 8d2030d659791184ecac8de9d6e1403b316a94c2 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=65eff7fbdbddad8c1f9af7cb48cd3b5dca3c5c9d
commit 65eff7fbdbddad8c1f9af7cb48cd3b5dca3c5c9d
Author: Sunyeop Lee <sunyeop97@gmail.com>
Date: Fri Mar 24 11:08:28 2017 +0530
Update old tunables framework document/script.
Since commit 8b9e9c3c0bae497ad5e2d0ae2f333f62feddcc12, security_level replaces
is_secure. There were some old files that need to be updated.
2017-03-23 Sunyeop Lee <sunyeop97@gmail.com>
* README.tunables: Updated descriptions.
* elf/dl-tunables.list: Fixed typo: SXID_NONE -> NONE.
* scripts/gen-tunables.awk: Updated the code related to the commit.
diff --git a/ChangeLog b/ChangeLog
index 4ec8d83..205652b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2017-03-24 Sunyeop Lee <sunyeop97@gmail.com>
+
+ * README.tunables: Updated descriptions.
+ * elf/dl-tunables.list: Fixed typo: SXID_NONE -> NONE.
+ * scripts/gen-tunables.awk: Updated the code related to the
+ commit.
+
2017-03-23 Wilco Dijkstra <wdijkstr@arm.com>
* benchtests/Makefile (string-benchset): Add memcpy-random.
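Review bot: The scripts/gen-tunables.awk entry ("Updated the code related to the commit.") does not say which commit or what changed; state the change itself, for example that the is_secure array is renamed to security_level and that the error message now lists the new allowed values. The entry is dated 2017-03-24 while the ChangeLog text in the commit message says 2017-03-23, so the two should be made to agree.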
diff --git a/README.tunables b/README.tunables
index df74f3b..aace2fc 100644
--- a/README.tunables
+++ b/README.tunables
@@ -58,13 +58,13 @@ The list of allowed attributes are:
- env_alias: An alias environment variable
-- is_secure: Specify whether the tunable should be read for setuid
- binaries. True allows the tunable to be read for
- setuid binaries while false disables it. Note that
- even if this is set as true and the value is read, it
- may not be used if it does not validate against the
- acceptable values or is not considered safe by the
- module.
+- security_level: Specify security level of the tunable. Valid values:
+
+ SXID_ERASE: (default) Don't read for AT_SECURE binaries and
+ removed so that child processes can't read it.
+ SXID_IGNORE: Don't read for AT_SECURE binaries, but retained for
+ non-AT_SECURE subprocesses.
+ NONE: Read all the time.
2. Call either the TUNABLE_SET_VALUE and pass into it the tunable name and a
pointer to the variable that should be set with the tunable value.
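Review bot: The new security_level description drops the caveat the is_secure text carried, that a value which is read may still go unused if it fails validation or the module does not consider it safe; if that still holds it belongs here, most of all next to NONE. "NONE: Read all the time." should also say outright that this includes AT_SECURE binaries, since that is the case a reader choosing a level needs to see. The SXID_ERASE line would read more clearly if it said what is removed, e.g. "... and remove it so that child processes can't read it."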
diff --git a/elf/dl-tunables.list b/elf/dl-tunables.list
index cb9e8f1..b9f1488 100644
--- a/elf/dl-tunables.list
+++ b/elf/dl-tunables.list
@@ -27,7 +27,7 @@
# removed so that child processes can't read it.
# SXID_IGNORE: Don't read for AT_SECURE binaries, but retained for
# non-AT_SECURE subprocesses.
-# SXID_NONE: Read all the time.
+# NONE: Read all the time.
glibc {
malloc {
diff --git a/scripts/gen-tunables.awk b/scripts/gen-tunables.awk
index e7bfc22..601240a 100644
--- a/scripts/gen-tunables.awk
+++ b/scripts/gen-tunables.awk
@@ -51,8 +51,8 @@ $1 == "}" {
if (!env_alias[top_ns][ns][tunable]) {
env_alias[top_ns][ns][tunable] = "NULL"
}
- if (!is_secure[top_ns][ns][tunable]) {
- is_secure[top_ns][ns][tunable] = "SXID_ERASE"
+ if (!security_level[top_ns][ns][tunable]) {
+ security_level[top_ns][ns][tunable] = "SXID_ERASE"
}
tunable = ""
@@ -104,12 +104,12 @@ $1 == "}" {
}
else if (attr == "security_level") {
if (val == "SXID_ERASE" || val == "SXID_IGNORE" || val == "NONE") {
- is_secure[top_ns][ns][tunable] = val
+ security_level[top_ns][ns][tunable] = val
}
else {
- printf("Line %d: Invalid value (%s) for is_secure: %s, ", NR, val,
+ printf("Line %d: Invalid value (%s) for security_level: %s, ", NR, val,
$0)
- print("Allowed values are 'true' or 'false'")
+ print("Allowed values are 'SXID_ERASE', 'SXID_IGNORE', or 'NONE'")
exit 1
}
}
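Review bot: The invalid-value diagnostic in the else branch is written with plain printf/print, so it goes to standard output, the same stream the END block uses for the generated table; redirect both calls to "/dev/stderr" so a bad security_level cannot end up as text inside the generated output. In awk, "exit 1" from a main rule still runs END, so unless END checks for the failure (not visible in this patch) the table is emitted anyway. The allowed values now appear in both the condition and the message, which is how the old 'true' or 'false' text went stale; building the message from the same list would prevent that.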
@@ -148,7 +148,7 @@ END {
printf (" {TUNABLE_NAME_S(%s, %s, %s)", t, n, m)
printf (", {TUNABLE_TYPE_%s, %s, %s}, {.numval = 0}, NULL, TUNABLE_SECLEVEL_%s, %s},\n",
types[t][n][m], minvals[t][n][m], maxvals[t][n][m],
- is_secure[t][n][m], env_alias[t][n][m]);
+ security_level[t][n][m], env_alias[t][n][m]);
}
}
}
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 7 +++++++
README.tunables | 14 +++++++-------
elf/dl-tunables.list | 2 +-
scripts/gen-tunables.awk | 12 ++++++------
4 files changed, 21 insertions(+), 14 deletions(-)
hooks/post-receive
--
GNU C Library master sources