The LD_HWCAP_MASK environment variable may alter the selection of
function variants for some architectures. For AT_SECURE process it
means that if an outdated routine has a bug that would otherwise not
affect newer platforms by default, LD_HWCAP_MASK will allow that bug
to be exploited.
To be on the safe side, ignore and disable LD_HWCAP_MASK for setuid
binaries.
[BZ #21209]
* elf/rtld.c (process_envvars): Ignore LD_HWCAP_MASK for
AT_SECURE processes.
* sysdeps/generic/unsecvars.h: Add LD_HWCAP_MASK.
* elf/tst-env-setuid.c (test_parent): Test LD_HWCAP_MASK.
(test_child): Likewise.
* elf/Makefile (tst-env-setuid-ENV): Add LD_HWCAP_MASK.
A setxid program that uses a glibc with tunables disabled may pass on
GLIBC_TUNABLES as is to its child processes. If the child process
ends up using a different glibc that has tunables enabled, it will end
up getting access to unsafe tunables. To fix this, remove
GLIBC_TUNABLES from the environment for setxid process.
* sysdeps/generic/unsecvars.h: Add GLIBC_TUNABLES.
* elf/tst-env-setuid-tunables.c
(test_child_tunables)[!HAVE_TUNABLES]: Verify that
GLIBC_TUNABLES is removed in a setgid process.
2004-12-01 Jakub Jelinek <jakub@redhat.com>
* elf/rtld.c (process_envvars): Don't consider LD_SHOW_AUXV
and LD_DYNAMIC_WEAK if __libc_enable_secure.
If __libc_enable_secure, /etc/suid-debug doesn't exist and
program will be actually run, turn off all debugging.
* sysdeps/generic/unsecvars.h (UNSECURE_ENVVARS): Add LD_DEBUG,
LD_DYNAMIC_WEAK and LD_SHOW_AUXV.
2003-11-25 Ulrich Drepper <drepper@redhat.com>
* posix/runptests.c (main): Make errors fatal.
* posix/PTESTS: One test in GA135 and GA136 check functionality
which seems not guaranteed.
2003-11-25 Jakub Jelinek <jakub@redhat.com>
* posix/regexec.c (re_search_internal): If prune_impossible_nodes
returned REG_NOMATCH, set match_last to -1. Don't initialize
pmatch[0] needlessly. Fix comment.
(prune_impossible_nodes): Don't segfault on NULL state_log entry.
(set_regs): Fix comment.
* posix/regcomp.c (parse_bracket_exp): Only set has_plural_match
if adding both SIMPLE_BRACKET and COMPLEX_BRACKET.
(build_charclass_op): Set has_plural_match if adding both
SIMPLE_BRACKET and COMPLEX_BRACKET.
* posix/bug-regex11.c (tests): Fix register values for one commented
out test. Add new tests.
* posix/regex_internal.c (re_string_allocate): Make sure init_len
is at least dfa->mb_cur_max.
(re_string_reconstruct): If is_utf8, don't fall back into
re_string_skip_chars just because idx points into a middle of
valid UTF-8 character. Instead, set the wcs bytes which correspond
to the partial character bytes to WEOF.
* posix/regexec.c (re_search_internal): Allocate input.bufs_len + 1
instead of dfa->nodes_len + 1 state_log entries initially.
* posix/bug-regex20.c (main): Uncomment backwards case insensitive
tests.
* elf/elf.h: Add dynamic tag definitions for prelinking.
* elf/rtld.c (process_envvars): Avoid using array of string pointers.
Rewrite code to remove environment varables for SUID binaries.
Small optimization in LD_PROFILE handling.
* sysdeps/generic/unsecvars.h: Adjust format for process_envvars
changes.
* sysdeps/unix/sysv/linux/i386/dl-librecon.h: Likewise.
* sysdeps/generic/dl-sysdep.c: Don't initialize _dl_cpuclock_offset.
