diff options
| author | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2023-11-06 17:25:36 -0300 |
|---|---|---|
| committer | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2023-11-21 16:15:42 -0300 |
| commit | 9c96c87d60eafa4d78406e606e92b42bd4b570ad (patch) | |
| tree | f2b1db62e65cdf8cae4e058bea8e40aae847dc16 /elf/Makefile | |
| parent | a72a4eb10b2d9aef7a53f9d2facf166a685d85fb (diff) | |
| download | glibc-9c96c87d60eafa4d78406e606e92b42bd4b570ad.tar.gz glibc-9c96c87d60eafa4d78406e606e92b42bd4b570ad.tar.xz glibc-9c96c87d60eafa4d78406e606e92b42bd4b570ad.zip | |
elf: Ignore GLIBC_TUNABLES for setuid/setgid binaries
The tunable privilege levels were a retrofit to try and keep the malloc tunable environment variables' behavior unchanged across security boundaries. However, CVE-2023-4911 shows how tricky can be tunable parsing in a security-sensitive environment. Not only parsing, but the malloc tunable essentially changes some semantics on setuid/setgid processes. Although it is not a direct security issue, allowing users to change setuid/setgid semantics is not a good security practice, and requires extra code and analysis to check if each tunable is safe to use on all security boundaries. It also means that security opt-in features, like aarch64 MTE, would need to be explicit enabled by an administrator with a wrapper script or with a possible future system-wide tunable setting. Co-authored-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Reviewed-by: DJ Delorie <dj@redhat.com>
Diffstat (limited to 'elf/Makefile')
| -rw-r--r-- | elf/Makefile | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/elf/Makefile b/elf/Makefile index 85ce0033d2..761f1d0af3 100644 --- a/elf/Makefile +++ b/elf/Makefile @@ -263,7 +263,6 @@ tests-static-normal := \ tst-dl-iter-static \ tst-dst-static \ tst-env-setuid \ - tst-env-setuid-tunables \ tst-getauxval-static \ tst-linkall-static \ tst-single_threaded-pthread-static \ @@ -276,10 +275,12 @@ tests-static-normal := \ tests-static-internal := \ tst-dl-printf-static \ tst-dl_find_object-static \ + tst-env-setuid-tunables \ tst-ptrguard1-static \ tst-stackguard1-static \ tst-tls1-static \ tst-tls1-static-non-pie \ + tst-tunables \ # tests-static-internal CRT-tst-tls1-static-non-pie := $(csu-objpfx)crt1.o @@ -2662,6 +2663,8 @@ $(objpfx)tst-glibc-hwcaps-mask.out: \ # tst-glibc-hwcaps-cache. $(objpfx)tst-glibc-hwcaps-cache.out: $(objpfx)tst-glibc-hwcaps +tst-tunables-ARGS = -- $(host-test-program-cmd) + $(objpfx)list-tunables.out: tst-rtld-list-tunables.sh $(objpfx)ld.so $(SHELL) $< $(objpfx)ld.so '$(test-wrapper-env)' \ '$(run_program_env)' > $(objpfx)/tst-rtld-list-tunables.out |