This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH 0/2] Environment variable security and tunables
- From: Siddhesh Poyarekar <siddhesh at gotplt dot org>
- To: libc-alpha at sourceware dot org
- Cc: fweimer at redhat dot com
- Date: Wed, 25 Jan 2017 15:55:48 +0530
- Subject: Re: [PATCH 0/2] Environment variable security and tunables
- Authentication-results: sourceware.org; auth=none
- References: <1485336311-2119-1-git-send-email-siddhesh@sourceware.org>
Please ignore this, I botched up testing this so I'm repeating the test
and will post an updated patchset.
Siddhesh
On Wednesday 25 January 2017 02:55 PM, Siddhesh Poyarekar wrote:
> Hi,
>
> Here's a patchset that fixes environment variable processing for AT_SECURE
> processes. The second patch removes GLIBC_TUNABLES from AT_SECURE processes
> even when tunables are not built, to avoid passing on the variable (and hence
> unsafe tunables) to child processes who may end up loading a glibc with
> tunables enabled.
>
> I will follow up with a patch for 2.24 to add GLIBC_TUNABLES to
> unsecure-envvars.
>
> Siddhesh
>
> Siddhesh Poyarekar (2):
> tunables: Fix environment variable processing for setuid binaries
> Erase GLIBC_TUNABLES for setxid processes when tunables is disabled
>
> elf/dl-tunable-types.h | 15 +++++
> elf/dl-tunables.c | 165 +++++++++++++++++++++++++++++------------------
> elf/dl-tunables.h | 64 ++++++++++++++++--
> elf/dl-tunables.list | 16 ++++-
> scripts/gen-tunables.awk | 8 +--
> 5 files changed, 191 insertions(+), 77 deletions(-)
>
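The cover letter above describes erasing GLIBC_TUNABLES from the environment of AT_SECURE processes so that child processes do not inherit it. The following is an added example, not code from the patchset or from glibc: a minimal in-place environment scrub, where the names `unsafe_vars`, `scrub_env` and `scrub_env_if_secure` are hypothetical and the one-entry deny list is an assumption based only on the variable named in the thread.

```c
#include <stddef.h>
#include <string.h>
#include <sys/auxv.h>   /* getauxval, AT_SECURE (Linux) */

extern char **environ;

/* Hypothetical deny list for this example; the thread names only this variable. */
static const char *const unsafe_vars[] = { "GLIBC_TUNABLES" };

/* Return 1 if entry has the form "NAME=..." for exactly this NAME. */
static int env_entry_is(const char *entry, const char *name)
{
    size_t n = strlen(name);
    return strncmp(entry, name, n) == 0 && entry[n] == '=';
}

/* Remove every deny-listed variable from a NULL-terminated envp array,
   compacting it in place. Duplicates are all dropped, because a child
   may pick up a later copy if only the first one is erased.
   Returns the number of entries removed. */
size_t scrub_env(char **envp)
{
    size_t removed = 0;
    char **out = envp;
    for (char **in = envp; *in != NULL; in++) {
        int drop = 0;
        for (size_t i = 0; i < sizeof unsafe_vars / sizeof unsafe_vars[0]; i++)
            if (env_entry_is(*in, unsafe_vars[i]))
                drop = 1;
        if (drop)
            removed++;
        else
            *out++ = *in;
    }
    *out = NULL;
    return removed;
}

/* Scrub only when the process is flagged secure (setuid/setgid and similar). */
size_t scrub_env_if_secure(char **envp, unsigned long secure)
{
    return secure ? scrub_env(envp) : 0;
}

int main(void)
{
    /* The kernel sets AT_SECURE in the auxiliary vector for setxid programs. */
    scrub_env_if_secure(environ, getauxval(AT_SECURE));
    return 0;
}
```

The scrub does not depend on whether the running libc parses tunables, which is the point of the second patch: the variable is dropped so that a child loading a tunables-enabled glibc never sees it.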