about summary refs log tree commit diff
path: root/sysdeps
diff options
context:
space:
mode:
authorSiddhesh Poyarekar <siddhesh@sourceware.org>2017-02-02 15:48:06 +0530
committerSiddhesh Poyarekar <siddhesh@sourceware.org>2017-02-02 15:50:24 +0530
commited8d5ffd0a14e84298a15ae2ec9b799010166b28 (patch)
tree6cabcdeec197523b72b6e88a1910cd97176f766d /sysdeps
parent8b9e9c3c0bae497ad5e2d0ae2f333f62feddcc12 (diff)
downloadglibc-ed8d5ffd0a14e84298a15ae2ec9b799010166b28.tar.gz
glibc-ed8d5ffd0a14e84298a15ae2ec9b799010166b28.tar.xz
glibc-ed8d5ffd0a14e84298a15ae2ec9b799010166b28.zip
Drop GLIBC_TUNABLES for setxid programs when tunables is disabled (bz #21073)
A setxid program that uses a glibc with tunables disabled may pass on
GLIBC_TUNABLES as is to its child processes.  If the child process
ends up using a different glibc that has tunables enabled, it will end
up getting access to unsafe tunables.  To fix this, remove
GLIBC_TUNABLES from the environment for setxid process.

	* sysdeps/generic/unsecvars.h: Add GLIBC_TUNABLES.
	* elf/tst-env-setuid-tunables.c
	(test_child_tunables)[!HAVE_TUNABLES]: Verify that
	GLIBC_TUNABLES is removed in a setgid process.
Diffstat (limited to 'sysdeps')
-rw-r--r--sysdeps/generic/unsecvars.h7
1 files changed, 7 insertions, 0 deletions
diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h
index d5b8119c9c..a74083786e 100644
--- a/sysdeps/generic/unsecvars.h
+++ b/sysdeps/generic/unsecvars.h
@@ -1,9 +1,16 @@
+#if !HAVE_TUNABLES
+# define GLIBC_TUNABLES_ENVVAR "GLIBC_TUNABLES\0"
+#else
+# define GLIBC_TUNABLES_ENVVAR
+#endif
+
 /* Environment variable to be removed for SUID programs.  The names are
    all stuffed in a single string which means they have to be terminated
    with a '\0' explicitly.  */
 #define UNSECURE_ENVVARS \
   "GCONV_PATH\0"							      \
   "GETCONF_DIR\0"							      \
+  GLIBC_TUNABLES_ENVVAR							      \
   "HOSTALIASES\0"							      \
   "LD_AUDIT\0"								      \
   "LD_DEBUG\0"								      \