From 71648e80042658f23965924616fb7db9c2fccff9 Mon Sep 17 00:00:00 2001 From: Joe Simmons-Talbott Date: Thu, 29 Feb 2024 19:55:58 +0000 Subject: rtld: Add glibc.rtld.enable_secure tunable. Add a tunable for setting __libc_enable_secure to 1. Do not set __libc_enable_secure to 0 if the tunable is set to 0. Ignore all tunables if glib.rtld.enable_secure is set. One use-case for this addition is to enable testing code paths that depend on __libc_enable_secure being set without the need to use setxid binaries. Reviewed-by: Siddhesh Poyarekar --- NEWS | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 2d8eaffc58..19f4e93ea3 100644 --- a/NEWS +++ b/NEWS @@ -103,6 +103,11 @@ Major new features: exp, expf, exp10, exp10f, exp2, exp2f, expm1, expm1f, log, logf, log10, log10f, log1p, log1pf, log2, log2f, sin, sinf, tan, tanf. +* A new tunable, glibc.rtld.enable_secure, used to run a program + as if it were a setuid process. This is currently a testing tool to allow + more extensive verification tests for AT_SECURE programs and not meant to + be a security feature. + Deprecated and removed features, and other changes affecting compatibility: * The ldconfig program now skips file names containing ';' or ending in -- cgit 1.4.1
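Review bot: The new NEWS bullet leaves out the two behaviours the commit message calls out, and its first sentence has no main verb ("A new tunable, glibc.rtld.enable_secure, used to run a program ..."). Consider rewording it to "A new tunable, glibc.rtld.enable_secure, can be used to run a program as if it were a setuid process." Then add that a value of 0 does not clear __libc_enable_secure and that all other tunables are ignored once this one is set. Readers of NEWS would otherwise not learn that the tunable can only turn secure mode on, or that combining it with other glibc.* tunables has no effect. The entry also says "setuid process" and then "AT_SECURE programs", while the commit message says "setxid binaries". Picking one term, or saying explicitly that the tunable forces the same state AT_SECURE would, keeps the scope unambiguous. Separately, the commit message spells the tunable "glib.rtld.enable_secure" in "Ignore all tunables if ..."; that should read glibc.rtld.enable_secure to match the subject line and the NEWS text.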