| commit | a72a4eb10b2d9aef7a53f9d2facf166a685d85fb | |
| author | Adhemerval Zanella <adhemerval.zanella@linaro.org> | |
| Mon, 6 Nov 2023 20:25:35 +0000 (6 17:25 -0300) | ||
| committer | Adhemerval Zanella <adhemerval.zanella@linaro.org> | |
| Tue, 21 Nov 2023 19:15:42 +0000 (21 16:15 -0300) | ||
| tree | 13139f4c794d9e60c851b99f73ac3771ff09d9ee | treesnapshot (tar.gz zip) |
| parent | 6c6fce572fb8f583f14d898e54fd7d25ae91cf56 | commitdiff |
elf: Add GLIBC_TUNABLES to unsecvars
setuid/setgid process now ignores any glibc tunables, and filters out
all environment variables that might changes its behavior. This patch
also adds GLIBC_TUNABLES, so any spawned process by setuid/setgid
processes should set tunable explicitly.
Checked on x86_64-linux-gnu.
Reviewed-by: Florian Weimer <fweimer@redhat.com>
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
setuid/setgid process now ignores any glibc tunables, and filters out
all environment variables that might changes its behavior. This patch
also adds GLIBC_TUNABLES, so any spawned process by setuid/setgid
processes should set tunable explicitly.
Checked on x86_64-linux-gnu.
Reviewed-by: Florian Weimer <fweimer@redhat.com>
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
| elf/tst-env-setuid-tunables.c | diffblobblamehistory | |
| sysdeps/generic/unsecvars.h | diffblobblamehistory |