diff options
author | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2023-11-06 17:25:35 -0300 |
---|---|---|
committer | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2023-11-21 16:15:42 -0300 |
commit | a72a4eb10b2d9aef7a53f9d2facf166a685d85fb (patch) | |
tree | 13139f4c794d9e60c851b99f73ac3771ff09d9ee /elf/tst-env-setuid-tunables.c | |
parent | 6c6fce572fb8f583f14d898e54fd7d25ae91cf56 (diff) | |
download | glibc-a72a4eb10b2d9aef7a53f9d2facf166a685d85fb.tar.gz glibc-a72a4eb10b2d9aef7a53f9d2facf166a685d85fb.tar.xz glibc-a72a4eb10b2d9aef7a53f9d2facf166a685d85fb.zip |
elf: Add GLIBC_TUNABLES to unsecvars
setuid/setgid process now ignores any glibc tunables, and filters out all environment variables that might changes its behavior. This patch also adds GLIBC_TUNABLES, so any spawned process by setuid/setgid processes should set tunable explicitly. Checked on x86_64-linux-gnu. Reviewed-by: Florian Weimer <fweimer@redhat.com> Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Diffstat (limited to 'elf/tst-env-setuid-tunables.c')
-rw-r--r-- | elf/tst-env-setuid-tunables.c | 32 |
1 files changed, 4 insertions, 28 deletions
diff --git a/elf/tst-env-setuid-tunables.c b/elf/tst-env-setuid-tunables.c index f0b92c97e7..2603007b7b 100644 --- a/elf/tst-env-setuid-tunables.c +++ b/elf/tst-env-setuid-tunables.c @@ -60,45 +60,21 @@ const char *teststrings[] = "glibc.not_valid.check=2", }; -const char *resultstrings[] = -{ - "glibc.malloc.mmap_threshold=4096", - "glibc.malloc.mmap_threshold=4096", - "glibc.malloc.mmap_threshold=4096", - "glibc.malloc.perturb=0x800", - "glibc.malloc.perturb=0x800:glibc.malloc.mmap_threshold=4096", - "glibc.malloc.perturb=0x800:glibc.malloc.mmap_threshold=4096", - "glibc.malloc.mmap_threshold=4096", - "glibc.malloc.mmap_threshold=4096", - "glibc.malloc.mmap_threshold=glibc.malloc.mmap_threshold=4096", - "", - "", - "", - "", - "", - "", - "", -}; - static int test_child (int off) { const char *val = getenv ("GLIBC_TUNABLES"); + int ret = 1; printf (" [%d] GLIBC_TUNABLES is %s\n", off, val); fflush (stdout); - if (val != NULL && strcmp (val, resultstrings[off]) == 0) - return 0; - if (val != NULL) - printf (" [%d] Unexpected GLIBC_TUNABLES VALUE %s, expected %s\n", - off, val, resultstrings[off]); + printf (" [%d] Unexpected GLIBC_TUNABLES VALUE %s\n", off, val); else - printf (" [%d] GLIBC_TUNABLES environment variable absent\n", off); - + ret = 0; fflush (stdout); - return 1; + return ret; } static int |