Propagate GLIBC_TUNABLES in setxid binaries

GLIBC_TUNABLES scrubbing happens earlier than envvar scrubbing and some tunables are required to propagate past setxid boundary, like their env_alias. Rely on tunable scrubbing to clean out GLIBC_TUNABLES like before, restoring behaviour in glibc 2.37 and earlier. Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Reviewed-by: Carlos O'Donell <carlos@redhat.com> (cherry picked from commit 0d5f9ea97f1b39f2a855756078771673a68497e1)
author: Siddhesh Poyarekar <siddhesh@sourceware.org> 2023-09-19 13:25:40 -0400
committer: Siddhesh Poyarekar <siddhesh@sourceware.org> 2023-10-02 15:37:16 -0400
commit: 73e3fcd1a552783e66ff1f65c5f322e2f17a81d1 (patch)
tree: 56e77d0a4ce71840f3daa2cedcbda27ff77b4fc4
parent: f6445dc94da185b3d1ee283f0ca0a34c4e1986cc (diff)
download: glibc-73e3fcd1a552783e66ff1f65c5f322e2f17a81d1.tar.gz
glibc-73e3fcd1a552783e66ff1f65c5f322e2f17a81d1.tar.xz
glibc-73e3fcd1a552783e66ff1f65c5f322e2f17a81d1.zip
1 files changed, 0 insertions, 1 deletions
diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h
index 81397fb90b..8278c50a84 100644
--- a/sysdeps/generic/unsecvars.h
+++ b/sysdeps/generic/unsecvars.h
@@ -4,7 +4,6 @@
 #define UNSECURE_ENVVARS \
   "GCONV_PATH\0"							      \
   "GETCONF_DIR\0"							      \
-  "GLIBC_TUNABLES\0"							      \
   "HOSTALIASES\0"							      \
   "LD_AUDIT\0"								      \
   "LD_DEBUG\0"								      \
author	Siddhesh Poyarekar <siddhesh@sourceware.org>	2023-09-19 13:25:40 -0400
committer	Siddhesh Poyarekar <siddhesh@sourceware.org>	2023-10-02 15:37:16 -0400
commit	73e3fcd1a552783e66ff1f65c5f322e2f17a81d1 (patch)
tree	56e77d0a4ce71840f3daa2cedcbda27ff77b4fc4
parent	f6445dc94da185b3d1ee283f0ca0a34c4e1986cc (diff)
download	glibc-73e3fcd1a552783e66ff1f65c5f322e2f17a81d1.tar.gz glibc-73e3fcd1a552783e66ff1f65c5f322e2f17a81d1.tar.xz glibc-73e3fcd1a552783e66ff1f65c5f322e2f17a81d1.zip