mirror of
https://sourceware.org/git/glibc.git
synced 2024-11-26 15:00:06 +00:00
9c96c87d60
The tunable privilege levels were a retrofit to try and keep the malloc tunable environment variables' behavior unchanged across security boundaries. However, CVE-2023-4911 shows how tricky can be tunable parsing in a security-sensitive environment. Not only parsing, but the malloc tunable essentially changes some semantics on setuid/setgid processes. Although it is not a direct security issue, allowing users to change setuid/setgid semantics is not a good security practice, and requires extra code and analysis to check if each tunable is safe to use on all security boundaries. It also means that security opt-in features, like aarch64 MTE, would need to be explicit enabled by an administrator with a wrapper script or with a possible future system-wide tunable setting. Co-authored-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Reviewed-by: DJ Delorie <dj@redhat.com> |
||
|---|---|---|
| .. | ||
| dl-tunables.list | ||
| Implies-after | ||
| Makefile | ||
| tst-map-32bit-1a.c | ||
| tst-map-32bit-1b.c | ||
| tst-map-32bit-2.c | ||
| tst-map-32bit-mod-2.c | ||
| tst-map-32bit-mod.c | ||