From ed8d5ffd0a14e84298a15ae2ec9b799010166b28 Mon Sep 17 00:00:00 2001
From: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Thu, 2 Feb 2017 15:48:06 +0530
Subject: Drop GLIBC_TUNABLES for setxid programs when tunables is disabled (bz
 #21073)

A setxid program that uses a glibc with tunables disabled may pass on
GLIBC_TUNABLES as is to its child processes.  If the child process
ends up using a different glibc that has tunables enabled, it will end
up getting access to unsafe tunables.  To fix this, remove
GLIBC_TUNABLES from the environment for setxid process.

	* sysdeps/generic/unsecvars.h: Add GLIBC_TUNABLES.
	* elf/tst-env-setuid-tunables.c
	(test_child_tunables)[!HAVE_TUNABLES]: Verify that
	GLIBC_TUNABLES is removed in a setgid process.
---
 sysdeps/generic/unsecvars.h | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'sysdeps/generic')

diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h
index d5b8119c9c..a74083786e 100644
--- a/sysdeps/generic/unsecvars.h
+++ b/sysdeps/generic/unsecvars.h
@@ -1,9 +1,16 @@
+#if !HAVE_TUNABLES
+# define GLIBC_TUNABLES_ENVVAR "GLIBC_TUNABLES\0"
+#else
+# define GLIBC_TUNABLES_ENVVAR
+#endif
+
 /* Environment variable to be removed for SUID programs.  The names are
    all stuffed in a single string which means they have to be terminated
    with a '\0' explicitly.  */
 #define UNSECURE_ENVVARS \
   "GCONV_PATH\0"							      \
   "GETCONF_DIR\0"							      \
+  GLIBC_TUNABLES_ENVVAR							      \
   "HOSTALIASES\0"							      \
   "LD_AUDIT\0"								      \
   "LD_DEBUG\0"								      \
-- 
cgit 1.4.1