diff options
author | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2024-05-06 13:18:48 -0300 |
---|---|---|
committer | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2024-05-07 12:16:36 -0300 |
commit | eb59c7b43dd5c64c38e4c3cd21e7ad75d8d29cb0 (patch) | |
tree | 1e328170bed00764e57cb25bda2a1829e1da4f6a /elf/tst-tunables-enable_secure.c | |
parent | 1e1ad714ee9a663eda0e2bffad1d9f258b00a4e9 (diff) | |
download | glibc-eb59c7b43dd5c64c38e4c3cd21e7ad75d8d29cb0.tar.gz glibc-eb59c7b43dd5c64c38e4c3cd21e7ad75d8d29cb0.tar.xz glibc-eb59c7b43dd5c64c38e4c3cd21e7ad75d8d29cb0.zip |
elf: Make glibc.rtld.enable_secure ignore alias environment variables
Tunable with environment variables aliases are also ignored if glibc.rtld.enable_secure is enabled. The tunable parsing is also optimized a bit, where the loop that checks each environment variable only checks for the tunables with aliases instead of all tables. Checked on aarch64-linux-gnu and x86_64-linux-gnu. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Diffstat (limited to 'elf/tst-tunables-enable_secure.c')
-rw-r--r-- | elf/tst-tunables-enable_secure.c | 136 |
1 files changed, 122 insertions, 14 deletions
diff --git a/elf/tst-tunables-enable_secure.c b/elf/tst-tunables-enable_secure.c index f5db1c84e9..99a065e8db 100644 --- a/elf/tst-tunables-enable_secure.c +++ b/elf/tst-tunables-enable_secure.c @@ -17,6 +17,10 @@ <https://www.gnu.org/licenses/>. */ #include <array_length.h> +/* The test uses the tunable_env_alias_list size, which is only exported for + ld.so. This will result in a copy of tunable_list and + tunable_env_alias_list, which is ununsed by the test itself. */ +#define TUNABLES_INTERNAL 1 #include <dl-tunables.h> #include <getopt.h> #include <intprops.h> @@ -34,6 +38,8 @@ static int restart; static const struct test_t { const char *env; + const char *extraenv; + bool check_multiple; int32_t expected_malloc_check; int32_t expected_enable_secure; } tests[] = @@ -41,39 +47,124 @@ static const struct test_t /* Expected tunable format. */ /* Tunables should be ignored if enable_secure is set. */ { - "glibc.malloc.check=2:glibc.rtld.enable_secure=1", + "GLIBC_TUNABLES=glibc.malloc.check=2:glibc.rtld.enable_secure=1", + NULL, + false, 0, 1, }, /* Tunables should be ignored if enable_secure is set. */ { - "glibc.rtld.enable_secure=1:glibc.malloc.check=2", + "GLIBC_TUNABLES=glibc.rtld.enable_secure=1:glibc.malloc.check=2", + NULL, + false, 0, 1, }, /* Tunables should be set if enable_secure is unset. */ { - "glibc.rtld.enable_secure=0:glibc.malloc.check=2", + "GLIBC_TUNABLES=glibc.rtld.enable_secure=0:glibc.malloc.check=2", + NULL, + false, 2, 0, }, + /* Tunables should be ignored if enable_secure is set. */ + { + "GLIBC_TUNABLES=glibc.malloc.check=2:glibc.rtld.enable_secure=1", + "MALLOC_CHECK_=2", + false, + 0, + 1, + }, + /* Same as before, but with enviroment alias prior GLIBC_TUNABLES. */ + { + "MALLOC_CHECK_=2", + "GLIBC_TUNABLES=glibc.malloc.check=2:glibc.rtld.enable_secure=1", + false, + 0, + 1, + }, + /* Tunables should be ignored if enable_secure is set. */ + { + "GLIBC_TUNABLES=glibc.rtld.enable_secure=1:glibc.malloc.check=2", + "MALLOC_CHECK_=2", + false, + 0, + 1, + }, + { + "MALLOC_CHECK_=2", + "GLIBC_TUNABLES=glibc.rtld.enable_secure=1:glibc.malloc.check=2", + false, + 0, + 1, + }, + /* Tunables should be set if enable_secure is unset. */ + { + "GLIBC_TUNABLES=glibc.rtld.enable_secure=0:glibc.malloc.check=2", + /* Tunable have precedence over the environment variable. */ + "MALLOC_CHECK_=1", + false, + 2, + 0, + }, + { + "MALLOC_CHECK_=1", + "GLIBC_TUNABLES=glibc.rtld.enable_secure=0:glibc.malloc.check=2", + /* Tunable have precedence over the environment variable. */ + false, + 2, + 0, + }, + /* Tunables should be set if enable_secure is unset. */ + { + "GLIBC_TUNABLES=glibc.rtld.enable_secure=0", + /* Tunable have precedence over the environment variable. */ + "MALLOC_CHECK_=1", + false, + 1, + 0, + }, + /* Tunables should be set if enable_secure is unset. */ + { + "GLIBC_TUNABLES=glibc.rtld.enable_secure=0", + /* Tunable have precedence over the environment variable. */ + "MALLOC_CHECK_=1", + false, + 1, + 0, + }, + /* Check with tunables environment variable alias set multiple times. */ + { + "GLIBC_TUNABLES=glibc.rtld.enable_secure=1:glibc.malloc.check=2", + "MALLOC_CHECK_=2", + true, + 0, + 1, + }, + /* Tunables should be set if enable_secure is unset. */ + { + "GLIBC_TUNABLES=glibc.rtld.enable_secure=0", + /* Tunable have precedence over the environment variable. */ + "MALLOC_CHECK_=1", + true, + 1, + 0, + }, }; static int handle_restart (int i) { if (tests[i].expected_enable_secure == 1) - { - TEST_COMPARE (1, __libc_enable_secure); - } + TEST_COMPARE (1, __libc_enable_secure); else - { - TEST_COMPARE (tests[i].expected_malloc_check, - TUNABLE_GET_FULL (glibc, malloc, check, int32_t, NULL)); - TEST_COMPARE (tests[i].expected_enable_secure, - TUNABLE_GET_FULL (glibc, rtld, enable_secure, int32_t, - NULL)); - } + TEST_COMPARE (tests[i].expected_enable_secure, + TUNABLE_GET_FULL (glibc, rtld, enable_secure, int32_t, + NULL)); + TEST_COMPARE (tests[i].expected_malloc_check, + TUNABLE_GET_FULL (glibc, malloc, check, int32_t, NULL)); return 0; } @@ -106,14 +197,31 @@ do_test (int argc, char *argv[]) spargv[i] = NULL; } + enum { tunable_num_env_alias = array_length (tunable_env_alias_list) }; + for (int i = 0; i < array_length (tests); i++) { snprintf (nteststr, sizeof nteststr, "%d", i); printf ("[%d] Spawned test for %s\n", i, tests[i].env); setenv ("GLIBC_TUNABLES", tests[i].env, 1); + + char *envp[2 + tunable_num_env_alias + 1] = + { + (char *) tests[i].env, + (char *) tests[i].extraenv, + NULL, + }; + if (tests[i].check_multiple) + { + int j; + for (j=0; j < tunable_num_env_alias; j++) + envp[j + 2] = (char *) tests[i].extraenv; + envp[j + 2] = NULL; + } + struct support_capture_subprocess result - = support_capture_subprogram (spargv[0], spargv, NULL); + = support_capture_subprogram (spargv[0], spargv, envp); support_capture_subprocess_check (&result, "tst-tunables-enable_secure", 0, sc_allow_stderr); support_capture_subprocess_free (&result); |