| commit | ed8d5ffd0a14e84298a15ae2ec9b799010166b28 | |
| author | Siddhesh Poyarekar <siddhesh@sourceware.org> | |
| Thu, 2 Feb 2017 10:18:06 +0000 (2 15:48 +0530) | ||
| committer | Siddhesh Poyarekar <siddhesh@sourceware.org> | |
| Thu, 2 Feb 2017 10:20:24 +0000 (2 15:50 +0530) | ||
| tree | 6cabcdeec197523b72b6e88a1910cd97176f766d | treesnapshot (tar.gz zip) |
| parent | 8b9e9c3c0bae497ad5e2d0ae2f333f62feddcc12 | commitdiff |
Drop GLIBC_TUNABLES for setxid programs when tunables is disabled (bz #21073)
A setxid program that uses a glibc with tunables disabled may pass on
GLIBC_TUNABLES as is to its child processes. If the child process
ends up using a different glibc that has tunables enabled, it will end
up getting access to unsafe tunables. To fix this, remove
GLIBC_TUNABLES from the environment for setxid process.
* sysdeps/generic/unsecvars.h: Add GLIBC_TUNABLES.
* elf/tst-env-setuid-tunables.c
(test_child_tunables)[!HAVE_TUNABLES]: Verify that
GLIBC_TUNABLES is removed in a setgid process.
A setxid program that uses a glibc with tunables disabled may pass on
GLIBC_TUNABLES as is to its child processes. If the child process
ends up using a different glibc that has tunables enabled, it will end
up getting access to unsafe tunables. To fix this, remove
GLIBC_TUNABLES from the environment for setxid process.
* sysdeps/generic/unsecvars.h: Add GLIBC_TUNABLES.
* elf/tst-env-setuid-tunables.c
(test_child_tunables)[!HAVE_TUNABLES]: Verify that
GLIBC_TUNABLES is removed in a setgid process.
| ChangeLog | diffblobblamehistory | |
| elf/tst-env-setuid-tunables.c | diffblobblamehistory | |
| sysdeps/generic/unsecvars.h | diffblobblamehistory |