This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
[PING][PATCH 0/2] Environment variable security and tunables
- From: Siddhesh Poyarekar <siddhesh at gotplt dot org>
- To: libc-alpha at sourceware dot org
- Cc: fweimer at redhat dot com
- Date: Tue, 31 Jan 2017 16:56:14 +0530
- Subject: [PING][PATCH 0/2] Environment variable security and tunables
- Authentication-results: sourceware.org; auth=none
- References: <1485709870-25804-1-git-send-email-siddhesh@sourceware.org>
Ping!
On Sunday 29 January 2017 10:41 PM, Siddhesh Poyarekar wrote:
> Here's a patchset that fixes environment variable processing for AT_SECURE
> processes. The second patch removes GLIBC_TUNABLES from AT_SECURE processes
> even when tunables are not built, to avoid passing on the variable (and hence
> unsafe tunables) to child processes who may end up loading a glibc with
> tunables enabled.
>
> I will follow up with a patch for 2.24 to add GLIBC_TUNABLES to
> unsecure-envvars.
>
> Siddhesh
>
> Siddhesh Poyarekar (2):
> tunables: Fix environment variable processing for setuid binaries
> Erase GLIBC_TUNABLES for setxid processes when tunables is disabled
>
> elf/dl-tunable-types.h | 15 +++++
> elf/dl-tunables.c | 165 +++++++++++++++++++++++++++++------------------
> elf/dl-tunables.h | 64 ++++++++++++++++--
> elf/dl-tunables.list | 16 ++++-
> scripts/gen-tunables.awk | 8 +--
> 5 files changed, 191 insertions(+), 77 deletions(-)
>