| commit | 11f7e3dd8fed66e0b8740af440cd3151e55a466f | |
| author | Adhemerval Zanella <adhemerval.zanella@linaro.org> | |
| Mon, 6 Nov 2023 20:25:37 +0000 (6 17:25 -0300) | ||
| committer | Adhemerval Zanella <adhemerval.zanella@linaro.org> | |
| Tue, 21 Nov 2023 19:15:42 +0000 (21 16:15 -0300) | ||
| tree | 69169ddfeb2a8d757a42de6e00707dc4ff247f7f | treesnapshot (tar.gz zip) |
| parent | 9c96c87d60eafa4d78406e606e92b42bd4b570ad | commitdiff |
elf: Add all malloc tunable to unsecvars
Some environment variables allow alteration of allocator behavior
across setuid boundaries, where a setuid program may ignore the
tunable, but its non-setuid child can read it and adjust the memory
allocator behavior accordingly.
Most library behavior tunings is limited to the current process and does
not bleed in scope; so it is unclear how pratical this misfeature is.
If behavior change across privilege boundaries is desirable, it would be
better done with a wrapper program around the non-setuid child that sets
these envvars, instead of using the setuid process as the messenger.
The patch as fixes tst-env-setuid, where it fail if any unsecvars is
set. It also adds a dynamic test, although it requires
--enable-hardcoded-path-in-tests so kernel correctly sets the setuid
bit (using the loader command directly would require to set the
setuid bit on the loader itself, which is not a usual deployment).
Co-authored-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Checked on x86_64-linux-gnu.
Reviewed-by: DJ Delorie <dj@redhat.com>
Some environment variables allow alteration of allocator behavior
across setuid boundaries, where a setuid program may ignore the
tunable, but its non-setuid child can read it and adjust the memory
allocator behavior accordingly.
Most library behavior tunings is limited to the current process and does
not bleed in scope; so it is unclear how pratical this misfeature is.
If behavior change across privilege boundaries is desirable, it would be
better done with a wrapper program around the non-setuid child that sets
these envvars, instead of using the setuid process as the messenger.
The patch as fixes tst-env-setuid, where it fail if any unsecvars is
set. It also adds a dynamic test, although it requires
--enable-hardcoded-path-in-tests so kernel correctly sets the setuid
bit (using the loader command directly would require to set the
setuid bit on the loader itself, which is not a usual deployment).
Co-authored-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Checked on x86_64-linux-gnu.
Reviewed-by: DJ Delorie <dj@redhat.com>
| elf/Makefile | diffblobblamehistory | |
| elf/tst-env-setuid-static.c | [new file with mode: 0644] | blob |
| elf/tst-env-setuid.c | diffblobblamehistory | |
| sysdeps/generic/unsecvars.h | diffblobblamehistory |