This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH][2.24] Drop GLIBC_TUNABLES in setxid processes
- From: Siddhesh Poyarekar <siddhesh at gotplt dot org>
- To: libc-alpha at sourceware dot org
- Cc: fweimer at redhat dot com
- Date: Thu, 2 Feb 2017 16:17:54 +0530
- Subject: Re: [PATCH][2.24] Drop GLIBC_TUNABLES in setxid processes
- Authentication-results: sourceware.org; auth=none
- References: <1485713519-29418-1-git-send-email-siddhesh@sourceware.org>
I've pushed this because it is now essentially just a backport of 2/2 of
the tunables environment variable fixes.
Siddhesh
On Sunday 29 January 2017 11:41 PM, Siddhesh Poyarekar wrote:
> Drop the GLIBC_TUNABLES environment variable from the environment of
> setxid processes to avoid passing it on to non-setxid children. This
> prevents potentially insecure tunables in the GLIBC_TUNABLES envvar
> from crossing over into a child that may use a libc that has tunables
> support.
>
> Tested on x86_64. If this has an ack, I'll backport it to 2.23
> and 2.22. Distro maintainers please feel free to backport it further
> down if needed.
>
> Siddhesh
>
> * sysdeps/generic/unsecvars.h: Add GLIBC_TUNABLES.
> ---
> sysdeps/generic/unsecvars.h | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h
> index d5b8119..3e56538 100644
> --- a/sysdeps/generic/unsecvars.h
> +++ b/sysdeps/generic/unsecvars.h
> @@ -4,6 +4,7 @@
> #define UNSECURE_ENVVARS \
> "GCONV_PATH\0" \
> "GETCONF_DIR\0" \
> + "GLIBC_TUNABLES\0" \
> "HOSTALIASES\0" \
> "LD_AUDIT\0" \
> "LD_DEBUG\0" \
>