Reword description of SXID_* tunable properties

The SXID_* tunable properties only influence processes that are AT_SECURE, so make that a bit more explicit in the documentation and comment. Revisiting the code after a few years I managed to confuse myself, so I imagine there could be others who may have incorrectly assumed like I did that the SXID_ERASE tunables are not inherited by children of non-AT_SECURE processes. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-11-08 14:20:07 +00:00 · 2020-10-22 11:39:00 +05:30 · 2020-10-22 11:39:00 +05:30 · 6c2b579962
commit 6c2b579962
parent 4be44c3208
2 changed files with 12 additions and 10 deletions
--- a/elf/dl-tunables.list
+++ b/elf/dl-tunables.list
@ -21,12 +21,13 @@
 # minval: Optional minimum acceptable value
 # maxval: Optional maximum acceptable value
 # env_alias: An alias environment variable
-# security_level: Specify security level of the tunable.  Valid values are:
+# security_level: Specify security level of the tunable for AT_SECURE binaries.
+# 		  Valid values are:
 #
-# 	     SXID_ERASE: (default) Don't read for AT_SECURE binaries and
-# 	     		 removed so that child processes can't read it.
-# 	     SXID_IGNORE: Don't read for AT_SECURE binaries, but retained for
-# 	     		  non-AT_SECURE subprocesses.
+# 	     SXID_ERASE: (default) Do not read and do not pass on to
+# 	     child processes.
+# 	     SXID_IGNORE: Do not read, but retain for non-AT_SECURE
+# 	     subprocesses.
 # 	     NONE: Read all the time.

 glibc {
--- a/manual/README.tunables
+++ b/manual/README.tunables
@ -59,12 +59,13 @@ The list of allowed attributes are:

 - env_alias:		An alias environment variable

- security_level:	Specify security level of the tunable.  Valid values:
+- security_level:	Specify security level of the tunable for AT_SECURE
+			binaries.  Valid values are:

-			SXID_ERASE: (default) Don't read for AT_SECURE binaries and
-				    removed so that child processes can't read it.
-			SXID_IGNORE: Don't read for AT_SECURE binaries, but retained for
-				     non-AT_SECURE subprocesses.
+			SXID_ERASE: (default) Do not read and do not pass on to
+			child processes.
+			SXID_IGNORE: Do not read, but retain for non-AT_SECURE
+			child processes.
 			NONE: Read all the time.

 2. Use TUNABLE_GET/TUNABLE_SET/TUNABLE_SET_WITH_BOUNDS to get and set tunables.