__tunables_init happens very early (before libc ifunc resolvers are run). it should not unnecessarily introduce failures, but it allocates memory in tunables_strdup. this is only needed in setuid executables when the GLIBC_TUNABLES env var has to be sanitized, so there should be no failure mode in other cases. with static pie __tunables_init will happen before self relocation (after bug 27072 is fixed) so complex code like _dl_fatal_printf should not be used there otherwise it's hard to guarantee that there are no relocations.
The master branch has been updated by Szabolcs Nagy <nsz@sourceware.org>: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bfe04789a8d9014cf3177137651f8f93dd4a00ca commit bfe04789a8d9014cf3177137651f8f93dd4a00ca Author: Szabolcs Nagy <szabolcs.nagy@arm.com> Date: Tue Jan 12 16:28:27 2021 +0000 elf: Avoid RELATIVE relocs in __tunables_init With static pie linking pointers in the tunables list need RELATIVE relocs since the absolute address is not known at link time. We want to avoid relocations so the static pie self relocation can be done after tunables are initialized. This is a simple fix that embeds the tunable strings into the tunable list instead of using pointers. It is possible to have a more compact representation of tunables with some additional complexity in the generator and tunable parser logic. Such optimization will be useful if the list of tunables grows. There is still an issue that tunables_strdup allocates and the failure handling code path is sufficiently complex that it can easily have RELATIVE relocations. It is possible to avoid the early allocation and only change environment variables in a setuid exe after relocations are processed. But that is a bigger change and early failure is fatal anyway so it is not as critical to fix right away. This is bug 27181. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Fixed on 2.39 (commit 2a969b53c0b02fed7e43473a92f219d737fd217a).