This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
[PATCHv2 0/2] Environment variable security and tunables
- From: Siddhesh Poyarekar <siddhesh at sourceware dot org>
- To: libc-alpha at sourceware dot org
- Cc: fweimer at redhat dot com
- Date: Wed, 1 Feb 2017 17:07:56 +0530
- Subject: [PATCHv2 0/2] Environment variable security and tunables
- Authentication-results: sourceware.org; auth=none
Hi,
Here's take 2 of the patchset that fixes environment variable processing for
AT_SECURE processes. The second patch removes GLIBC_TUNABLES from AT_SECURE
processes even when tunables are not built, to avoid passing on the variable
(and hence unsafe tunables) to child processes who may end up loading a glibc
with tunables enabled.
I also have a patch pending review that marks GLIBC_TUNABLES as insecure
for 2.24 and earlier:
https://sourceware.org/ml/libc-alpha/2017-01/msg00555.html
Changes:
- Fixed the broken logic to erase tunables from the valstring
- Added a couple of tests to verify the removal
- Marked GLIBC_TUNABLES insecure in unsecvars.h
Siddhesh
Siddhesh Poyarekar (2):
tunables: Fix environment variable processing for setuid binaries
Drop GLIBC_TUNABLES for setxid programs when tunables is disabled
elf/Makefile | 6 +-
elf/dl-tunable-types.h | 15 +++
elf/dl-tunables.c | 172 +++++++++++++++++++-------
elf/dl-tunables.h | 15 ++-
elf/dl-tunables.list | 16 ++-
elf/tst-env-setuid-tunables.c | 69 +++++++++++
elf/tst-env-setuid.c | 282 ++++++++++++++++++++++++++++++++++++++++++
scripts/gen-tunables.awk | 8 +-
sysdeps/generic/unsecvars.h | 7 ++
9 files changed, 531 insertions(+), 59 deletions(-)
create mode 100644 elf/tst-env-setuid-tunables.c
create mode 100644 elf/tst-env-setuid.c
--
2.7.4