mirror of
https://sourceware.org/git/glibc.git
synced 2025-01-07 01:50:07 +00:00
Drop GLIBC_TUNABLES for setxid programs when tunables is disabled (bz #21073)
A setxid program that uses a glibc with tunables disabled may pass on GLIBC_TUNABLES as is to its child processes. If the child process ends up using a different glibc that has tunables enabled, it will end up getting access to unsafe tunables. To fix this, remove GLIBC_TUNABLES from the environment for setxid process. * sysdeps/generic/unsecvars.h: Add GLIBC_TUNABLES. * elf/tst-env-setuid-tunables.c (test_child_tunables)[!HAVE_TUNABLES]: Verify that GLIBC_TUNABLES is removed in a setgid process.
This commit is contained in:
parent
8b9e9c3c0b
commit
ed8d5ffd0a
@ -1,5 +1,10 @@
|
|||||||
2017-02-02 Siddhesh Poyarekar <siddhesh@sourceware.org>
|
2017-02-02 Siddhesh Poyarekar <siddhesh@sourceware.org>
|
||||||
|
|
||||||
|
* sysdeps/generic/unsecvars.h: Add GLIBC_TUNABLES.
|
||||||
|
* elf/tst-env-setuid-tunables.c
|
||||||
|
(test_child_tunables)[!HAVE_TUNABLES]: Verify that
|
||||||
|
GLIBC_TUNABLES is removed in a setgid process.
|
||||||
|
|
||||||
[BZ #21073]
|
[BZ #21073]
|
||||||
* elf/dl-tunable-types.h (tunable_seclevel_t): New enum.
|
* elf/dl-tunable-types.h (tunable_seclevel_t): New enum.
|
||||||
* elf/dl-tunables.c (tunables_strdup): Remove.
|
* elf/dl-tunables.c (tunables_strdup): Remove.
|
||||||
|
@ -36,6 +36,7 @@ test_child_tunables (void)
|
|||||||
{
|
{
|
||||||
const char *val = getenv ("GLIBC_TUNABLES");
|
const char *val = getenv ("GLIBC_TUNABLES");
|
||||||
|
|
||||||
|
#if HAVE_TUNABLES
|
||||||
if (val != NULL && strcmp (val, CHILD_VALSTRING_VALUE) == 0)
|
if (val != NULL && strcmp (val, CHILD_VALSTRING_VALUE) == 0)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
@ -43,6 +44,14 @@ test_child_tunables (void)
|
|||||||
printf ("Unexpected GLIBC_TUNABLES VALUE %s\n", val);
|
printf ("Unexpected GLIBC_TUNABLES VALUE %s\n", val);
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
|
#else
|
||||||
|
if (val != NULL)
|
||||||
|
{
|
||||||
|
printf ("GLIBC_TUNABLES not cleared\n");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
|
@ -1,9 +1,16 @@
|
|||||||
|
#if !HAVE_TUNABLES
|
||||||
|
# define GLIBC_TUNABLES_ENVVAR "GLIBC_TUNABLES\0"
|
||||||
|
#else
|
||||||
|
# define GLIBC_TUNABLES_ENVVAR
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Environment variable to be removed for SUID programs. The names are
|
/* Environment variable to be removed for SUID programs. The names are
|
||||||
all stuffed in a single string which means they have to be terminated
|
all stuffed in a single string which means they have to be terminated
|
||||||
with a '\0' explicitly. */
|
with a '\0' explicitly. */
|
||||||
#define UNSECURE_ENVVARS \
|
#define UNSECURE_ENVVARS \
|
||||||
"GCONV_PATH\0" \
|
"GCONV_PATH\0" \
|
||||||
"GETCONF_DIR\0" \
|
"GETCONF_DIR\0" \
|
||||||
|
GLIBC_TUNABLES_ENVVAR \
|
||||||
"HOSTALIASES\0" \
|
"HOSTALIASES\0" \
|
||||||
"LD_AUDIT\0" \
|
"LD_AUDIT\0" \
|
||||||
"LD_DEBUG\0" \
|
"LD_DEBUG\0" \
|
||||||
|
Loading…
Reference in New Issue
Block a user