glibc/scripts
Adhemerval Zanella 9c96c87d60 elf: Ignore GLIBC_TUNABLES for setuid/setgid binaries
The tunable privilege levels were a retrofit to try and keep the malloc
tunable environment variables' behavior unchanged across security
boundaries.  However, CVE-2023-4911 shows how tricky tunable parsing
can be in a security-sensitive environment.

Not only parsing, but the malloc tunable essentially changes some
semantics on setuid/setgid processes.  Although it is not a direct
security issue, allowing users to change setuid/setgid semantics is not
a good security practice, and requires extra code and analysis to check
if each tunable is safe to use on all security boundaries.

It also means that security opt-in features, like aarch64 MTE, would
need to be explicitly enabled by an administrator with a wrapper script
or with a possible future system-wide tunable setting.

Co-authored-by: Siddhesh Poyarekar  <siddhesh@sourceware.org>
Reviewed-by: DJ Delorie <dj@redhat.com>
2023-11-21 16:15:42 -03:00
abi-versions.awk
abilist.awk Add GLIBC_ABI_DT_RELR for DT_RELR support 2022-04-26 10:16:11 -07:00
backport-support.sh Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
build-many-glibcs.py Use Linux 6.6 in build-many-glibcs.py 2023-10-31 13:36:51 +00:00
check-c++-types.sh Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
check-execstack.awk check-execstack: Permit sysdeps to xfail some libs 2018-07-20 03:28:14 +02:00
check-initfini.awk Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
check-installed-headers.sh scripts: Fix fortify checks if compiler does not support _FORTIFY_SOURCE=3 2023-07-20 17:58:26 -03:00
check-local-headers.sh Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
check-localplt.awk
check-obsolete-constructs.py Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
check-textrel.awk
check-wrapper-headers.py Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
check-wx-segment.py Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
config-uname.sh
config.guess Update scripts/config.* files from upstream GNU config version 2022-07-19 09:32:19 -03:00
config.sub Update scripts/config.* files from upstream GNU config version 2022-07-19 09:32:19 -03:00
cpp
cross-test-ssh.sh Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
documented.sh crypt: Remove libcrypt support 2023-10-30 13:03:59 -03:00
dso-ordering-test.py Fix all the remaining misspellings -- BZ 25337 2023-06-02 01:39:48 +00:00
evaluate-test.sh Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
firstversions.awk
gen-as-const.py Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
gen-libc-abis
gen-libc-modules.awk
gen-posix-conf-vars.awk
gen-rrtypes.py Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
gen-sorted.awk Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
gen-tunables.awk elf: Ignore GLIBC_TUNABLES for setuid/setgid binaries 2023-11-21 16:15:42 -03:00
glibc_shared_code.py Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
glibcelf.py Fix all the remaining misspellings -- BZ 25337 2023-06-02 01:39:48 +00:00
glibcextract.py Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
glibcpp.py Fix all the remaining misspellings -- BZ 25337 2023-06-02 01:39:48 +00:00
glibcsymbols.py Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
haveversions.awk Don't build libnsl for new ABIs 2018-09-24 10:23:10 +02:00
install-sh Update miscellaneous files from upstream sources. 2018-12-06 17:21:47 +00:00
lib-names.awk
lint-makefiles.sh Add lint-makefiles Makefile linting test. 2023-06-02 21:43:05 -04:00
list-fixed-bugs.py Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
list-sources.sh
localplt.awk scripts/localplt.awk: Handle DT_JMPREL with empty PLT (for C-SKY) 2022-10-27 11:36:44 +02:00
merge-test-results.sh Format test results closer to what DejaGnu does 2023-11-03 12:58:17 +00:00
mkinstalldirs Update miscellaneous files from upstream sources. 2018-12-06 17:21:47 +00:00
move-if-change Sync move-if-change from Gnulib, updating copyright 2022-01-01 11:42:26 -08:00
move-symbol-to-libc.py Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
pylint
pylintrc Fix all the remaining misspellings -- BZ 25337 2023-06-02 01:39:48 +00:00
rellns-sh Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
sort-makefile-lines.py Fix a few more typos I missed in previous round -- BZ 25337 2023-06-02 23:46:32 +00:00
soversions.awk
sysd-rules.awk
test_printers_common.py Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
test_printers_exceptions.py Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
test-installation.pl Update copyright dates not handled by scripts/update-copyrights 2023-01-06 21:45:36 +00:00
tst-elf-edit.py Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
tst-ld-trace.py Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
update-abilist.sh Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
update-copyrights Remove 'grp' and merge into 'nss' and 'posix' 2023-10-24 12:30:59 +02:00
vcstocl_quirks.py Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
versionlist.awk Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
versions.awk Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00