Always enable pointer guard [BZ #18928]

Honoring the LD_POINTER_GUARD environment variable in AT_SECURE mode
has security implications.  This commit enables pointer guard
unconditionally, and the environment variable is now ignored.

        [BZ #18928]
        * sysdeps/generic/ldsodefs.h (struct rtld_global_ro): Remove
        _dl_pointer_guard member.
        * elf/rtld.c (_rtld_global_ro): Remove _dl_pointer_guard
        initializer.
        (security_init): Always set up pointer guard.
        (process_envvars): Do not process LD_POINTER_GUARD.

1 files changed, 8 insertions, 5 deletions

diff --git a/NEWS b/NEWS
index d4e8b4adf2..0491a27a1e 100644
--- a/NEWS
+++ b/NEWS
@@ -16,11 +16,14 @@ Version 2.23
   18265, 18370, 18421, 18480, 18525, 18595, 18589, 18610, 18618, 18647,
   18661, 18674, 18675, 18681, 18724, 18757, 18778, 18781, 18787, 18789,
   18790, 18795, 18796, 18803, 18820, 18823, 18824, 18825, 18857, 18863,
-  18870, 18872, 18873, 18875, 18887, 18921, 18951, 18952, 18956, 18961,
-  18966, 18967, 18969, 18970, 18977, 18980, 18981, 18985, 19003, 19007,
-  19012, 19016, 19018, 19032, 19046, 19049, 19050, 19059, 19071, 19074,
-  19076, 19077, 19078, 19079, 19085, 19086, 19088, 19094, 19095, 19124,
-  19125, 19129, 19134
+  18870, 18872, 18873, 18875, 18887, 18921, 18928, 18951, 18952, 18956,
+  18961, 18966, 18967, 18969, 18970, 18977, 18980, 18981, 18985, 19003,
+  19007, 19012, 19016, 19018, 19032, 19046, 19049, 19050, 19059, 19071,
+  19074, 19076, 19077, 19078, 19079, 19085, 19086, 19088, 19094, 19095,
+  19124, 19125, 19129, 19134
+
+* The LD_POINTER_GUARD environment variable can no longer be used to
+  disable the pointer guard feature.  It is always enabled.
 
 * The obsolete header <regexp.h> has been removed.  Programs that require
   this header must be updated to use <regex.h> instead.