This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



[PING][PATCH 0/2] Environment variable security and tunables


Ping!

On Sunday 29 January 2017 10:41 PM, Siddhesh Poyarekar wrote:
> Here's a patchset that fixes environment variable processing for AT_SECURE
> processes.  The second patch removes GLIBC_TUNABLES from AT_SECURE processes
> even when tunables are not built, to avoid passing on the variable (and hence
> unsafe tunables) to child processes who may end up loading a glibc with
> tunables enabled.
> 
> I will follow up with a patch for 2.24 to add GLIBC_TUNABLES to
> unsecure-envvars.
> 
> Siddhesh
> 
> Siddhesh Poyarekar (2):
>   tunables: Fix environment variable processing for setuid binaries
>   Erase GLIBC_TUNABLES for setxid processes when tunables is disabled
> 
>  elf/dl-tunable-types.h   |  15 +++++
>  elf/dl-tunables.c        | 165 +++++++++++++++++++++++++++++------------------
>  elf/dl-tunables.h        |  64 ++++++++++++++++--
>  elf/dl-tunables.list     |  16 ++++-
>  scripts/gen-tunables.awk |   8 +--
>  5 files changed, 191 insertions(+), 77 deletions(-)
> 
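
The scrubbing described in the cover letter above, as an added example (not glibc's code and not part of the patchset): a process checks AT_SECURE and compacts its environment in place so GLIBC_TUNABLES is not inherited by children. The function names and the name list are hypothetical; it assumes Linux with getauxval() available.

```c
#include <stdio.h>
#include <string.h>
#include <sys/auxv.h>

extern char **environ;

/* Hypothetical drop list; GLIBC_TUNABLES is the variable this thread is about. */
static const char *const unsafe_names[] = { "GLIBC_TUNABLES", NULL };

/* Return 1 only for an entry of the exact form "NAME=..." with a listed NAME. */
static int is_unsafe(const char *entry)
{
    for (size_t i = 0; unsafe_names[i] != NULL; i++) {
        size_t n = strlen(unsafe_names[i]);
        if (strncmp(entry, unsafe_names[i], n) == 0 && entry[n] == '=')
            return 1;
    }
    return 0;
}

/* Compact envp in place, dropping every matching entry, duplicates included,
   so a second copy of the variable cannot survive. Returns the number removed. */
size_t scrub_env(char **envp)
{
    size_t removed = 0;
    char **out = envp;
    for (char **in = envp; *in != NULL; in++) {
        if (is_unsafe(*in))
            removed++;
        else
            *out++ = *in;
    }
    *out = NULL;
    return removed;
}

/* Scrub only when the kernel flagged the process AT_SECURE (e.g. setuid/setgid). */
size_t scrub_env_if_secure(char **envp)
{
    return getauxval(AT_SECURE) ? scrub_env(envp) : 0;
}

int main(void)
{
    printf("removed %zu entries\n", scrub_env_if_secure(environ));
    return 0;
}
```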

