diff options
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | elf/tst-env-setuid-tunables.c | 9 | ||||
-rw-r--r-- | sysdeps/generic/unsecvars.h | 7 |
3 files changed, 21 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog index aed8764272..a210e631f4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,10 @@ 2017-02-02 Siddhesh Poyarekar <siddhesh@sourceware.org> + * sysdeps/generic/unsecvars.h: Add GLIBC_TUNABLES. + * elf/tst-env-setuid-tunables.c + (test_child_tunables)[!HAVE_TUNABLES]: Verify that + GLIBC_TUNABLES is removed in a setgid process. + [BZ #21073] * elf/dl-tunable-types.h (tunable_seclevel_t): New enum. * elf/dl-tunables.c (tunables_strdup): Remove. diff --git a/elf/tst-env-setuid-tunables.c b/elf/tst-env-setuid-tunables.c index a563f69972..a5f0a81ef3 100644 --- a/elf/tst-env-setuid-tunables.c +++ b/elf/tst-env-setuid-tunables.c @@ -36,6 +36,7 @@ test_child_tunables (void) { const char *val = getenv ("GLIBC_TUNABLES"); +#if HAVE_TUNABLES if (val != NULL && strcmp (val, CHILD_VALSTRING_VALUE) == 0) return 0; @@ -43,6 +44,14 @@ test_child_tunables (void) printf ("Unexpected GLIBC_TUNABLES VALUE %s\n", val); return 1; +#else + if (val != NULL) + { + printf ("GLIBC_TUNABLES not cleared\n"); + return 1; + } + return 0; +#endif } static int diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h index d5b8119c9c..a74083786e 100644 --- a/sysdeps/generic/unsecvars.h +++ b/sysdeps/generic/unsecvars.h @@ -1,9 +1,16 @@ +#if !HAVE_TUNABLES +# define GLIBC_TUNABLES_ENVVAR "GLIBC_TUNABLES\0" +#else +# define GLIBC_TUNABLES_ENVVAR +#endif + /* Environment variable to be removed for SUID programs. The names are all stuffed in a single string which means they have to be terminated with a '\0' explicitly. */ #define UNSECURE_ENVVARS \ "GCONV_PATH\0" \ "GETCONF_DIR\0" \ + GLIBC_TUNABLES_ENVVAR \ "HOSTALIASES\0" \ "LD_AUDIT\0" \ "LD_DEBUG\0" \ |