This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH 1/2] tunables: Fix environment variable processing for setuid binaries
- From: Siddhesh Poyarekar <siddhesh at sourceware dot org>
- To: Carlos O'Donell <carlos at redhat dot com>, Florian Weimer <fweimer at redhat dot com>, libc-alpha at sourceware dot org
- Date: Wed, 1 Feb 2017 17:10:45 +0530
- Subject: Re: [PATCH 1/2] tunables: Fix environment variable processing for setuid binaries
- Authentication-results: sourceware.org; auth=none
- References: <1485709870-25804-1-git-send-email-siddhesh@sourceware.org> <1485709870-25804-2-git-send-email-siddhesh@sourceware.org> <51584556-1411-112c-cc30-d19c93b1298b@redhat.com> <3a438975-d6e5-304a-7328-a60e7b6a6555@sourceware.org> <a5f98e2d-9f6d-3e3f-a111-8555c1412059@redhat.com>
- Reply-to: siddhesh at sourceware dot org
On Wednesday 01 February 2017 10:31 AM, Carlos O'Donell wrote:
> We really need a GLIBC_PRIVATE get/set API for regression testing all of
> these changes. Work for 2.26 I guess.
I have added a couple of test cases now that should at least do some
rudimentary verification of the routines that remove tunables form the
valstring and environment. We may still need something that exercises
the tunable_list to see if the level 2 tunables are correctly ignored in
setuid binaries but still passed on to the child. That or come to a
consensus on whether to mark them as level 3 variables and simply drop
them form the environment/valstring.
Siddhesh