From patchwork Tue Oct 17 13:05:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella X-Patchwork-Id: 734381 Delivered-To: patch@linaro.org Received: by 2002:adf:f0cd:0:b0:32d:baff:b0ca with SMTP id x13csp468371wro; Tue, 17 Oct 2023 06:06:29 -0700 (PDT) X-Google-Smtp-Source: AGHT+IF8vbwRlRQy/gtyAi94T95bbGaxc3Z8ZGtqjll8AmRGu/9YBu/S1uc35GoZMwX8ZA1u+vgN X-Received: by 2002:a67:ab4e:0:b0:452:8ad4:29d9 with SMTP id k14-20020a67ab4e000000b004528ad429d9mr2105099vsh.17.1697547988598; Tue, 17 Oct 2023 06:06:28 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1697547988; cv=pass; d=google.com; s=arc-20160816; b=UUnY2ZP+C/WAkfskmElhZXqluR9gF52/2CrgOtIlpQAhXv5cCRlcmV2+y2HQJEcopN enrjuXzgOrnmbQldkgXhj9IUJEU/1D/0Y4T55O/I8fRxhGTEQfEt+JXQrWStNyoQE2K1 E5tTskndz90sehUB2yR2K2WG+0ekRmu9mpqqMzaF3MvmkLJiDvnJcfExlZk9pgnp76Vu P1mpok9IhihvhizrrVqrDvHYlSV0BUiDF9ZrOlV6IF9fFTU/5dXxfPcI1HTP7KxiC3DA rcbeLqsdD1e9E5g2GOFI7uO9ZVQ5sDzHRwpt89v1uI3iU3jjMDYD1GfcSGwhZ70p0N1h BWTQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature:arc-filter:dmarc-filter:delivered-to; bh=Ndl3eLOJSJb9Wv3XacMODGgBBikQ38bTer5P1SvxTB4=; fh=VMuAjWLc97wcDarQBhQuFh9YVmIwEj8w9Q+Q5DjP2hw=; b=Kq/ZPIPtJ+tsD87ycgVxETAxotff6ePV0dxRz4pr1pD9wEOzTCT5VyFmmPv2e5kHnH IEGFJQ7ABCgD3LdjJ/grxpgOvw0w5FmAoCSS1p20e6MREYk2DpOO+sfU1rV6kVnHj2w1 FPexlkyOHhOBAt/bOxC9iA2MyBh3ePhmouW4Cr6FFB7y3zdY1slTPYoAP4HWSpRPTJab gcLfzZuLjWTsGKtOBdCUNNWIEd2qs8oL4vrwvzicp5OptkiEVZ8W1+YH+wsRIR087ipv O3eSbAwBsW6kW+yMk8pC3ven5xnqX6XOJCV+XjuGeF/ashg68mmx2RR1qcj5NMrx9xZE W/Jw== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=CCoUXJwl; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces+patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces+patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (ip-8-43-85-97.sourceware.org. [8.43.85.97]) by mx.google.com with ESMTPS id f19-20020a056102213300b004545aac36f8si123050vsg.479.2023.10.17.06.06.28 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 17 Oct 2023 06:06:28 -0700 (PDT) Received-SPF: pass (google.com: domain of libc-alpha-bounces+patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) client-ip=8.43.85.97; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=CCoUXJwl; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces+patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces+patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 2FB323856DC6 for ; Tue, 17 Oct 2023 13:06:28 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pf1-x434.google.com (mail-pf1-x434.google.com [IPv6:2607:f8b0:4864:20::434]) by sourceware.org (Postfix) with ESMTPS id 796023858D38 for ; Tue, 17 Oct 2023 13:06:22 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 796023858D38 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 796023858D38 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::434 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1697547983; cv=none; b=kjztwYDHPfTnZyXqIubUO9n9ObPhcwCWK6nZ4YIDznj8zBEUeU5l4c1NE4CtxgbvVQ3qA4JB1W3Kb2evoMxSPfchfQlvrHfimnG1QZ28eF8afm3ZEbuoM1PSoholJlnp70SvceMg4Iio6Q09YKq8iCbM/j2pN8yKIA2G9yH4jUU= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1697547983; c=relaxed/simple; bh=Rh5DqF6XXxM7b0q85NNJifKOdTNfDO2mpCCvXWt3Oew=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=WJjCiodBJ9mr0cf6UGrN9XtsccFiILr+/lxZzq8XP8L0WKdXp6mmHC4aN7VEgXT6EgylAlAgMv0lpVMwmFF2cI4kc+QmmOWmizcAwqZKPVcupbaXqS3s3gqhZsdD/xkUJXALYnhZEMl/UsN3pVn3E5FV0GjvH89vwvwYTz6EFK8= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pf1-x434.google.com with SMTP id d2e1a72fcca58-6b709048d8eso2573193b3a.2 for ; Tue, 17 Oct 2023 06:06:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1697547980; x=1698152780; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Ndl3eLOJSJb9Wv3XacMODGgBBikQ38bTer5P1SvxTB4=; b=CCoUXJwlEIgbwQrkCUtXGrMxAk9OTwZcWtZAZjYQx3BrCYUEV8YdwGKIowaduaU/he txCvqbg3gpTmXjCRdYp8z290q8TyPabUQcULKTwx8H86P9h0nnx2FLhjwezHp8kis3zs K7pGlhFL4dtw3Stf1YMKxad+yP/U9n14mvALS5rrr+aPQU1SRWyBhBg9KLNGmw0ND44a SEm0Wm6lbB84FEYPmjluNWo2aJK7hwm/hhSqGB4/jOtqhQq9qhW70c7igCGrgfw5jucd ILPk/Xz2mUZGyrCWZuclH+5LhnlTeoFdk3WOY9ChCEPSiAGaI4lYxuSoFyrb0XxOIcNX S3HA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697547980; x=1698152780; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Ndl3eLOJSJb9Wv3XacMODGgBBikQ38bTer5P1SvxTB4=; b=ScifugDIZfPg2ir1LCtvM4uPh0V36qGraQ3BUS4f1QM3oS9SxrRw7MrXd9EBdpM3hD 9M9GDw+GEMQHE5LZE1uirmGHoUPgfu5YC9Q/7+OIqXGekqJgTogbZ/iYKdL0ecQyurOi hNd9aHwogijbdtt9WKXfj4k17pYxWzfd/tIz92eh6+AVT7UALhNz/m4aOh675fAocqmS ix1Kebph5bEhYKP7peuRXjZouuQKdAQ8OBZAWIJfBDC8wKEJvCRuRK3UeuvqDKfKnzCp kjoMmXRJrRshr6YHogjEPMTEsa3pJKz9qzUDQ4sAYMai0t0BHOmrAGfBHHc36eIBtch4 7QpQ== X-Gm-Message-State: AOJu0Yx+SLmJuGe4LQBla8b/kHv3suozWlUeTx7YZHUVrJe/rmRKT6tr +fbgWfl0jiVGgTkOEGYCw8nw4C+suzZajpxLYzlEZA== X-Received: by 2002:a05:6a20:2615:b0:15d:9ee7:1811 with SMTP id i21-20020a056a20261500b0015d9ee71811mr1615140pze.36.1697547979822; Tue, 17 Oct 2023 06:06:19 -0700 (PDT) Received: from mandiga.. ([2804:1b3:a7c3:7f2e:11d:92b4:4d78:4197]) by smtp.gmail.com with ESMTPSA id l28-20020a635b5c000000b0056b6d1ac949sm1309788pgm.13.2023.10.17.06.06.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 17 Oct 2023 06:06:19 -0700 (PDT) From: Adhemerval Zanella To: libc-alpha@sourceware.org, Siddhesh Poyarekar Cc: Florian Weimer Subject: [PATCH v2 02/19] elf: Add GLIBC_TUNABLES to unsecvars Date: Tue, 17 Oct 2023 10:05:09 -0300 Message-Id: <20231017130526.2216827-3-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231017130526.2216827-1-adhemerval.zanella@linaro.org> References: <20231017130526.2216827-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-12.5 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+patch=linaro.org@sourceware.org setuid/setgid process now ignores any glibc tunables, and filters out all environment variables that might changes its behavior. This patch also adds GLIBC_TUNABLES, so any spawned process by setuid/setgid processes should set tunable explicitly. Checked on x86_64-linux-gnu. Reviewed-by: Florian Weimer Reviewed-by: Siddhesh Poyarekar --- elf/tst-env-setuid-tunables.c | 32 ++++---------------------------- sysdeps/generic/unsecvars.h | 1 + 2 files changed, 5 insertions(+), 28 deletions(-) diff --git a/elf/tst-env-setuid-tunables.c b/elf/tst-env-setuid-tunables.c index f0b92c97e7..2603007b7b 100644 --- a/elf/tst-env-setuid-tunables.c +++ b/elf/tst-env-setuid-tunables.c @@ -60,45 +60,21 @@ const char *teststrings[] = "glibc.not_valid.check=2", }; -const char *resultstrings[] = -{ - "glibc.malloc.mmap_threshold=4096", - "glibc.malloc.mmap_threshold=4096", - "glibc.malloc.mmap_threshold=4096", - "glibc.malloc.perturb=0x800", - "glibc.malloc.perturb=0x800:glibc.malloc.mmap_threshold=4096", - "glibc.malloc.perturb=0x800:glibc.malloc.mmap_threshold=4096", - "glibc.malloc.mmap_threshold=4096", - "glibc.malloc.mmap_threshold=4096", - "glibc.malloc.mmap_threshold=glibc.malloc.mmap_threshold=4096", - "", - "", - "", - "", - "", - "", - "", -}; - static int test_child (int off) { const char *val = getenv ("GLIBC_TUNABLES"); + int ret = 1; printf (" [%d] GLIBC_TUNABLES is %s\n", off, val); fflush (stdout); - if (val != NULL && strcmp (val, resultstrings[off]) == 0) - return 0; - if (val != NULL) - printf (" [%d] Unexpected GLIBC_TUNABLES VALUE %s, expected %s\n", - off, val, resultstrings[off]); + printf (" [%d] Unexpected GLIBC_TUNABLES VALUE %s\n", off, val); else - printf (" [%d] GLIBC_TUNABLES environment variable absent\n", off); - + ret = 0; fflush (stdout); - return 1; + return ret; } static int diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h index 8278c50a84..81397fb90b 100644 --- a/sysdeps/generic/unsecvars.h +++ b/sysdeps/generic/unsecvars.h @@ -4,6 +4,7 @@ #define UNSECURE_ENVVARS \ "GCONV_PATH\0" \ "GETCONF_DIR\0" \ + "GLIBC_TUNABLES\0" \ "HOSTALIASES\0" \ "LD_AUDIT\0" \ "LD_DEBUG\0" \