diff mbox series

[04/11] elf: Add GLIBC_TUNABLES to unsecvars

Message ID 20231010180111.561793-5-adhemerval.zanella@linaro.org
State New
Headers show
Series Improve tunable handling | expand

Commit Message

Adhemerval Zanella Oct. 10, 2023, 6:01 p.m. UTC
setuid/setgid process now ignores any glibc tunables, and filters out
all environment variables that might changes its behavior. This patch
also adds GLIBC_TUNABLES, so any spawned process by setuid/setgid
processes should set tunable explicitly.

Checked on x86_64-linux-gnu.
---
 elf/tst-env-setuid-tunables.c | 11 +++--------
 sysdeps/generic/unsecvars.h   |  1 +
 2 files changed, 4 insertions(+), 8 deletions(-)

Comments

Florian Weimer Oct. 12, 2023, 8:46 a.m. UTC | #1
* Adhemerval Zanella:

> setuid/setgid process now ignores any glibc tunables, and filters out
> all environment variables that might changes its behavior. This patch
> also adds GLIBC_TUNABLES, so any spawned process by setuid/setgid
> processes should set tunable explicitly.

This should be committed earlier, before the patch that removes
SXID_ERASE support.

Otherwise:

Reviewed-by: Florian Weimer <fweimer@redhat.com>

Thanks,
Florian
Adhemerval Zanella Oct. 13, 2023, 1:51 p.m. UTC | #2
On 12/10/23 05:46, Florian Weimer wrote:
> * Adhemerval Zanella:
> 
>> setuid/setgid process now ignores any glibc tunables, and filters out
>> all environment variables that might changes its behavior. This patch
>> also adds GLIBC_TUNABLES, so any spawned process by setuid/setgid
>> processes should set tunable explicitly.
> 
> This should be committed earlier, before the patch that removes
> SXID_ERASE support.
> 
> Otherwise:
> 
> Reviewed-by: Florian Weimer <fweimer@redhat.com>

Do you mean move it before 'elf: Ignore GLIBC_TUNABLES for setuid/setgid binaries'
patch?
Florian Weimer Oct. 13, 2023, 2:11 p.m. UTC | #3
* Adhemerval Zanella Netto:

> On 12/10/23 05:46, Florian Weimer wrote:
>> * Adhemerval Zanella:
>> 
>>> setuid/setgid process now ignores any glibc tunables, and filters out
>>> all environment variables that might changes its behavior. This patch
>>> also adds GLIBC_TUNABLES, so any spawned process by setuid/setgid
>>> processes should set tunable explicitly.
>> 
>> This should be committed earlier, before the patch that removes
>> SXID_ERASE support.
>> 
>> Otherwise:
>> 
>> Reviewed-by: Florian Weimer <fweimer@redhat.com>
>
> Do you mean move it before 'elf: Ignore GLIBC_TUNABLES for
> setuid/setgid binaries' patch?

Yes, exactly.

Thanks,
Florian
Adhemerval Zanella Oct. 13, 2023, 2:26 p.m. UTC | #4
On 13/10/23 11:11, Florian Weimer wrote:
> * Adhemerval Zanella Netto:
> 
>> On 12/10/23 05:46, Florian Weimer wrote:
>>> * Adhemerval Zanella:
>>>
>>>> setuid/setgid process now ignores any glibc tunables, and filters out
>>>> all environment variables that might changes its behavior. This patch
>>>> also adds GLIBC_TUNABLES, so any spawned process by setuid/setgid
>>>> processes should set tunable explicitly.
>>>
>>> This should be committed earlier, before the patch that removes
>>> SXID_ERASE support.
>>>
>>> Otherwise:
>>>
>>> Reviewed-by: Florian Weimer <fweimer@redhat.com>
>>
>> Do you mean move it before 'elf: Ignore GLIBC_TUNABLES for
>> setuid/setgid binaries' patch?
> 
> Yes, exactly.

Alright, I will change it.
diff mbox series

Patch

diff --git a/elf/tst-env-setuid-tunables.c b/elf/tst-env-setuid-tunables.c
index 3232f6b4c1..39b3648aa6 100644
--- a/elf/tst-env-setuid-tunables.c
+++ b/elf/tst-env-setuid-tunables.c
@@ -64,15 +64,10 @@  test_child (int off)
 
   printf ("    [%d] GLIBC_TUNABLES is %s\n", off, val);
   fflush (stdout);
-  if (val == NULL)
-    printf ("    [%d] GLIBC_TUNABLES environment variable absent\n", off);
+  if (val != NULL)
+    printf ("    [%d] Unexpected GLIBC_TUNABLES VALUE %s\n", off, val);
   else
-    {
-      if (strcmp (val, teststrings[off]) != 0)
-	printf ("    [%d] Unexpected GLIBC_TUNABLES VALUE %s\n", off, val);
-      else
-	ret = 0;
-    }
+    ret = 0;
   fflush (stdout);
 
   int32_t check = TUNABLE_GET_FULL (glibc, malloc, check, int32_t, NULL);
diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h
index ca70e2e989..f7ebed60e5 100644
--- a/sysdeps/generic/unsecvars.h
+++ b/sysdeps/generic/unsecvars.h
@@ -4,6 +4,7 @@ 
 #define UNSECURE_ENVVARS \
   "GCONV_PATH\0"							      \
   "GETCONF_DIR\0"							      \
+  "GLIBC_TUNABLES\0"							      \
   "HOSTALIASES\0"							      \
   "LD_AUDIT\0"								      \
   "LD_DEBUG\0"								      \