mirror of
https://sourceware.org/git/glibc.git
synced 2025-01-03 16:21:06 +00:00
Drop GLIBC_TUNABLES for setxid programs when tunables is disabled (bz #21073)
A setxid program that uses a glibc with tunables disabled may pass on GLIBC_TUNABLES as is to its child processes. If the child process ends up using a different glibc that has tunables enabled, it will end up getting access to unsafe tunables. To fix this, remove GLIBC_TUNABLES from the environment for setxid process. * sysdeps/generic/unsecvars.h: Add GLIBC_TUNABLES. * elf/tst-env-setuid-tunables.c (test_child_tunables)[!HAVE_TUNABLES]: Verify that GLIBC_TUNABLES is removed in a setgid process.
This commit is contained in:
parent
8b9e9c3c0b
commit
ed8d5ffd0a
@ -1,5 +1,10 @@
|
||||
2017-02-02 Siddhesh Poyarekar <siddhesh@sourceware.org>
|
||||
|
||||
* sysdeps/generic/unsecvars.h: Add GLIBC_TUNABLES.
|
||||
* elf/tst-env-setuid-tunables.c
|
||||
(test_child_tunables)[!HAVE_TUNABLES]: Verify that
|
||||
GLIBC_TUNABLES is removed in a setgid process.
|
||||
|
||||
[BZ #21073]
|
||||
* elf/dl-tunable-types.h (tunable_seclevel_t): New enum.
|
||||
* elf/dl-tunables.c (tunables_strdup): Remove.
|
||||
|
@ -36,6 +36,7 @@ test_child_tunables (void)
|
||||
{
|
||||
const char *val = getenv ("GLIBC_TUNABLES");
|
||||
|
||||
#if HAVE_TUNABLES
|
||||
if (val != NULL && strcmp (val, CHILD_VALSTRING_VALUE) == 0)
|
||||
return 0;
|
||||
|
||||
@ -43,6 +44,14 @@ test_child_tunables (void)
|
||||
printf ("Unexpected GLIBC_TUNABLES VALUE %s\n", val);
|
||||
|
||||
return 1;
|
||||
#else
|
||||
if (val != NULL)
|
||||
{
|
||||
printf ("GLIBC_TUNABLES not cleared\n");
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
|
||||
static int
|
||||
|
@ -1,9 +1,16 @@
|
||||
#if !HAVE_TUNABLES
|
||||
# define GLIBC_TUNABLES_ENVVAR "GLIBC_TUNABLES\0"
|
||||
#else
|
||||
# define GLIBC_TUNABLES_ENVVAR
|
||||
#endif
|
||||
|
||||
/* Environment variable to be removed for SUID programs. The names are
|
||||
all stuffed in a single string which means they have to be terminated
|
||||
with a '\0' explicitly. */
|
||||
#define UNSECURE_ENVVARS \
|
||||
"GCONV_PATH\0" \
|
||||
"GETCONF_DIR\0" \
|
||||
GLIBC_TUNABLES_ENVVAR \
|
||||
"HOSTALIASES\0" \
|
||||
"LD_AUDIT\0" \
|
||||
"LD_DEBUG\0" \
|
||||
|
Loading…
Reference in New Issue
Block a user