This is the mail archive of the mailing list for the glibc project.
[Bug libc/21073] New: tunables: insecure environment variables passed to subprocesses with AT_SECURE
- From: "fweimer at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Mon, 23 Jan 2017 10:22:58 +0000
- Subject: [Bug libc/21073] New: tunables: insecure environment variables passed to subprocesses with AT_SECURE
- Auto-submitted: auto-generated
Bug ID: 21073
Summary: tunables: insecure environment variables passed to
subprocesses with AT_SECURE
Assignee: unassigned at sourceware dot org
Reporter: fweimer at redhat dot com
CC: drepper.fsp at gmail dot com
Target Milestone: ---
Without tunables, MALLOC_CHECK_ is stripped from the environment, so that it is
not accidentally passed to subprocesses. (The intent is that subprocesses do
not inadvertently pick up malicious environment settings.)
This no longer happens if tunables are enabled. Similarly, the
GLIBC_TUNABLES variable is not rewritten to drop the equivalent option, either.
To reproduce this, I created a small test program and made it SUID root:
Running it as an ordinary user should result in no output:
GLIBC_TUNABLES=glibc.malloc.check=0 LD_DEBUG=files MALLOC_CHECK_=0 ./a.out \
| egrep '^(LD|MALLOC|GLIBC)_'
But I get this output:
(Without tunables support, the GLIBC_TUNABLES variable may still be printed.)
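The following is an added example, not the reporter's test program and not glibc code. It does in-process what the egrep pipeline above does from the outside: it reports whether the kernel started the process with AT_SECURE set (via getauxval(), which assumes Linux/glibc 2.16 or later) and counts which LD_*, MALLOC_* and GLIBC_* variables survived in the environment. The prefix list is an assumption chosen to match the report's egrep pattern, not the exact set of names glibc strips. Built, made set-user-ID root and run as an ordinary user, it shows directly whether MALLOC_CHECK_ and GLIBC_TUNABLES reach a secure process.

```c
/* envcheck.c: added example (not the bug report's own program).
 * Reports AT_SECURE and the unsafe-looking variables still present.
 * Assumes Linux/glibc for getauxval(). Build: cc -o envcheck envcheck.c
 */
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/auxv.h>
#endif

/* Assumed prefix list, mirroring the egrep '^(LD|MALLOC|GLIBC)_' in the
 * report; MALLOC_CHECK_ and GLIBC_TUNABLES are the variables at issue. */
static const char *const unsafe_prefixes[] = { "LD_", "MALLOC_", "GLIBC_" };

/* Nonzero if the kernel flagged this execution as secure (set-user-ID,
 * set-group-ID, file capabilities). Outside Linux we cannot tell. */
int is_secure_exec(void)
{
#ifdef __linux__
    return getauxval(AT_SECURE) != 0;
#else
    return 0;
#endif
}

/* Count entries of a NULL-terminated environment array (same layout as
 * environ) that begin with one of the unsafe prefixes. */
int count_unsafe_env(char *const *envp)
{
    int n = 0;
    for (; *envp != NULL; envp++) {
        for (size_t i = 0; i < sizeof unsafe_prefixes / sizeof *unsafe_prefixes; i++) {
            if (strncmp(*envp, unsafe_prefixes[i], strlen(unsafe_prefixes[i])) == 0) {
                n++;
                break;
            }
        }
    }
    return n;
}

int main(void)
{
    extern char **environ;

    printf("AT_SECURE=%d\n", is_secure_exec());
    /* Print each surviving variable; a secure process should print none. */
    for (char **e = environ; *e != NULL; e++) {
        for (size_t i = 0; i < sizeof unsafe_prefixes / sizeof *unsafe_prefixes; i++) {
            if (strncmp(*e, unsafe_prefixes[i], strlen(unsafe_prefixes[i])) == 0) {
                printf("%s\n", *e);
                break;
            }
        }
    }
    printf("unsafe variables present: %d\n", count_unsafe_env(environ));
    return 0;
}
```

Run it as in the report, e.g. GLIBC_TUNABLES=glibc.malloc.check=0 LD_DEBUG=files MALLOC_CHECK_=0 ./envcheck, once without the set-user-ID bit (AT_SECURE=0, all three variables listed) and once with it. With the stripping the report describes, the secure run should list nothing for MALLOC_CHECK_; a GLIBC_TUNABLES line surviving there is exactly the behaviour the bug is about.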