From patchwork Wed Nov 22 12:35:57 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 746021 Delivered-To: patch@linaro.org Received: by 2002:a5d:6706:0:b0:32d:baff:b0ca with SMTP id o6csp273477wru; Wed, 22 Nov 2023 04:36:15 -0800 (PST) X-Google-Smtp-Source: AGHT+IFKcBtglJDHhYTLE70OeCdzi2AQuvNbup8edFS4DpyT2dTmSjepyMDvvc7qm6DvJnyhQTDx X-Received: by 2002:a05:6214:2424:b0:66c:ffda:4a3c with SMTP id gy4-20020a056214242400b0066cffda4a3cmr2610996qvb.55.1700656575543; Wed, 22 Nov 2023 04:36:15 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1700656575; cv=pass; d=google.com; s=arc-20160816; b=VZGmb36diSeIyncVrhBIm3knpzESR3LbD6G86bBe/XmJDzyuy8GiIffZV0h50bllNJ rysaFKW2yqcLspaUckjfyZDTuhccZ91eggwf5/hCwO8p1UqSLWI+RSCGjGrBp7LcHQTC 4bgNSKWTv8EuUkiiVWk7IGcfhNlZl+r73Jc5/gyhp/QLL6MPBEC/zBrGk4x07VUDCsRY LK8ROeaZ5fWM9gEHkoIl3XzRXbayWo+ISpJuoGjG3kujwWtzTE27B6KZDo0JmKauGZ2x w3GudbhrEGgtlOAe1xKMK+ZAWH1HeVGFmU5eKU8nUTBIp/0YvUSDS9BefKvpWiTmukpE 2s/A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:message-id:date:subject:to:from:dkim-signature :arc-filter:dmarc-filter:delivered-to; bh=UPYdDhCReUTvTrEDwUjrnJjuiTBcErBN/v70sVAoE5I=; fh=Eoh12rOA3G9+1wWUpSCqABE4OFO6OiQ5dhxZkiORJq4=; b=GsxJUDRj4KexGpBpmEFDYoI8HRQMs3z9QTmqONPbHbYV/7sl+vlk19ZQ4bm9sPnrUZ IezzoeNXjHrWJks+KZWGq3AoxyGEH0pv/PKhP/+eZoWAFpNylx7B6hoxiNyNq4eRD7k6 W15B4FvuHJdXSN6FkWbzLopkjYoCgBsn0mNeTO/mr1KJWaCqw6/NpDJ/8VdRnzlfJC6F 7NjFD77HJbdAkSnUYDm78YkzZKVDQOhIr1pPSBdoDe3J6aJvn0vEcnOrU90U949/GoHm pcOJf+cyFENO1vuAZhFY+LVdbdnOJBMZq1MEHUVcaFZITy7Ue6vUwJxj6EwgnKRYnEla sQMw== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="EbZazn/m"; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces+patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="libc-alpha-bounces+patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [2620:52:3:1:0:246e:9693:128c]) by mx.google.com with ESMTPS id p6-20020a0cfac6000000b00670dbcaea30si11082721qvo.147.2023.11.22.04.36.15 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 22 Nov 2023 04:36:15 -0800 (PST) Received-SPF: pass (google.com: domain of libc-alpha-bounces+patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) client-ip=2620:52:3:1:0:246e:9693:128c; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="EbZazn/m"; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces+patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="libc-alpha-bounces+patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id EF3113857B8B for ; Wed, 22 Nov 2023 12:36:14 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x629.google.com (mail-pl1-x629.google.com [IPv6:2607:f8b0:4864:20::629]) by sourceware.org (Postfix) with ESMTPS id F08843858C35 for ; Wed, 22 Nov 2023 12:36:07 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org F08843858C35 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org F08843858C35 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::629 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1700656569; cv=none; b=a1NhNT7M4txh7bWvc4nwqIqyARI2+ttCpAbUM4cPD9lD+cwee8J2xcuW/4XWsON50HDEZIkwY3T3FdbRkMzJAyc5FoSLBeNEbxJiP++nK8gdzL2XLhnIB3Kq3U11hAk8yY2lp9U5007dkV8Fy4EP9+qFpwocJSd4LvLSnHRix9Y= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1700656569; c=relaxed/simple; bh=B959b6igVl5vISZvHHFJmLfhQApLNQu2xJ2apGu02aQ=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=k6taOB6IRyV2sZu2R01Ekx/TLkgsIz1V42jKZXU4IpPPLpEwUArcWxpMiey6G+Jz2sHxywG+N388xMZ1QFrwkrIGdGHs8qNrXFlDnuBurDup5DQTicgZMZKyDxNrA+mIb0rgnuJe7ObMp92cMVdJokwnlKCoVvBEDZ85WlPEeSU= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pl1-x629.google.com with SMTP id d9443c01a7336-1cf6a67e290so22456365ad.1 for ; Wed, 22 Nov 2023 04:36:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1700656566; x=1701261366; darn=sourceware.org; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=UPYdDhCReUTvTrEDwUjrnJjuiTBcErBN/v70sVAoE5I=; b=EbZazn/mbLYi4YHTBZArmTE1UnoNgzs7Ol3rFJBW7gjUWPi3Yud8fDOmMxpUZAMTh1 2qeFSwRKHcfoitF7zqQw9X2iNiq1Ep68Nf/jbkqfP5g50sP4/FhERq3LIHfhJ8eRVnYW V8xyJDTwoRYAIYfp2t46xv/m9yHGYWBDvgwcvQwzkVbwsStnG+u+JpFAXmtd/0hFpI+M LjVMW1enNoedrnH5xf0AN4JAOBAE2rVgmDBozrre3aZqcavzrI/lqD8I/JMy5xZQ+yww BRTha42QmZ7uaqhwYSGI01o3E7zd51TVuvuP/ctFFrzyuRmhysUEV2dynwisEiVCw1U8 f7uQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700656566; x=1701261366; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=UPYdDhCReUTvTrEDwUjrnJjuiTBcErBN/v70sVAoE5I=; b=UIEoF21Mzswo5A566k94s7kYQwO+FTc+jg1NroBJs857gvtjqRILLPSgV+8WDjh7PE /I7uuWaZgC/nOhGGP4m0R1IoR9N852GPWvHoc4efjtGY1uKp4p6rX7HIThcdxqx8nu9c jncxAfYNqQOtnzH/BDdHgEagDqikr3gwQZzTkEynseLyMe0/Lw9cWY45BRzV1a7hortG +8xQ6FhSQu+cwSI+lzV7MnXX1nSx9N6d5d6y+hqsCPOdeVVfwQ2qS2UqR+oHTktVLWHN apZlt59ztPXIfHg9VeClFxcaDqI8PaDwfBu/twGzUgZ3xLa/s9W/Scr44tKg2RyLzKpk am3A== X-Gm-Message-State: AOJu0Yw8Wmr5znEGmSn5YhrSwEXYMkQcSGGtMg0MnOIBNZmVKfBpZpB6 MgiQHg/WcKXMS7oSK2U6HHCfX6gm8xiPqNB8BKseuA== X-Received: by 2002:a17:902:dad1:b0:1cc:c857:14a0 with SMTP id q17-20020a170902dad100b001ccc85714a0mr2157522plx.3.1700656566115; Wed, 22 Nov 2023 04:36:06 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c2:94e:ee04:b0d3:203c:7e3]) by smtp.gmail.com with ESMTPSA id a4-20020a170902ee8400b001c9d011581dsm9736021pld.164.2023.11.22.04.36.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 22 Nov 2023 04:36:05 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org, siddhesh@sourceware.org Subject: [PATCH v4 0/4] Improve loader environment variable handling Date: Wed, 22 Nov 2023 09:35:57 -0300 Message-Id: <20231122123601.603315-1-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-Spam-Status: No, score=-3.2 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+patch=linaro.org@sourceware.org The first patch removes the tunable_strdup and make the GLIBC_TUNABLE parsing in place (no more possible allocation failure). The parsing now tracks the tunable string start and its size. The dl-tunable-parse.h adds helper functions to help to parse, like an strcmp that also checks for size and an iterator for suboptions that are comma-separated (used on hwcap parsing by x86, powerpc, and s390x). The second and third patch make loader ignore all but just LD_PRELOAD and LD_AUDIT for setuid binaries. For both options, loader ensures that pathnames containing slashes are ignored and shared libraries are loaded only from the standard search directories and only if they have set-user-ID mode bit enabled. Changes from v3: * Fixed tunable_initialize for strong aliases (it used the key length, instead of the value length). * Added a assert on tunable_str_comma_init to ensure its value is non null. * Added LD_WARN and LD_VERBOSE to filtered environment variables. Changes from v2: * Extend tst-tunables with tunables aliases tests. * Use warning instead of an error to indicate invalid tunables. * Fixed tunable_initialize for string aliases. Changes from v1: * Ignore most of the environment variables on security-sensitive mode. * Extend tests. Adhemerval Zanella (4): elf: Do not duplicate the GLIBC_TUNABLES string elf: Ignore loader debug env vars for setuid elf: Ignore LD_BIND_NOW and LD_BIND_NOT for setuid binaries elf: Refactor process_envvars elf/dl-tunables.c | 90 +++++----- elf/dl-tunables.h | 6 +- elf/rtld.c | 108 ++++++++---- elf/tst-env-setuid.c | 8 +- elf/tst-tunables.c | 66 ++++++- sysdeps/generic/dl-tunables-parse.h | 134 ++++++++++++++ sysdeps/generic/unsecvars.h | 4 + sysdeps/s390/cpu-features.c | 165 +++++++----------- .../unix/sysv/linux/aarch64/cpu-features.c | 33 ++-- .../unix/sysv/linux/powerpc/cpu-features.c | 45 ++--- .../sysv/linux/powerpc/tst-hwcap-tunables.c | 6 +- sysdeps/x86/Makefile | 4 +- sysdeps/x86/cpu-tunables.c | 118 +++++-------- sysdeps/x86/tst-hwcap-tunables.c | 148 ++++++++++++++++ 14 files changed, 619 insertions(+), 316 deletions(-) create mode 100644 sysdeps/generic/dl-tunables-parse.h create mode 100644 sysdeps/x86/tst-hwcap-tunables.c