Update.

2000-09-26  Thorsten Kukuk  <kukuk@suse.de>

	* nscd/dbg_log.c (dbg_log): Add missing format string.

	* catgets/catgets.c (catopen): Use getenv instead of __secure_getenv
	since we filter out the variable once.
	* iconv/gconv_conf.c (__gconv_get_path): Likewise.
	* locale/newlocale.c (__newlocale): Likewise.
	* locale/setlocale.c (setlocale): Likewise.
	* malloc/malloc.c (ptmalloc_init): Likewise.
	* resolv/res_hconf.c (_res_hconf_init): Likewise.
	* resolv/res_init.c (__res_vinit): Likewise.
	* time/tzfile.c (__tzfile_read): Likewise.
	* sysdeps/generic/unsecvars.h: New file.
	* elf/dl-support.c (non_dynamic_init): Use it here to remove variables.
	* elf/rtld.c (process_envvars): Likewise.
	* elf/Makefile (distribute): Add unsecvars.h.

ChangeLog

@@ -1,5 +1,23 @@
+2000-09-26  Thorsten Kukuk  <kukuk@suse.de>
+
+	* nscd/dbg_log.c (dbg_log): Add missing format string.
+
 2000-09-26  Ulrich Drepper  <drepper@redhat.com>
 
+	* catgets/catgets.c (catopen): Use getenv instead of __secure_getenv
+	since we filter out the variable once.
+	* iconv/gconv_conf.c (__gconv_get_path): Likewise.
+	* locale/newlocale.c (__newlocale): Likewise.
+	* locale/setlocale.c (setlocale): Likewise.
+	* malloc/malloc.c (ptmalloc_init): Likewise.
+	* resolv/res_hconf.c (_res_hconf_init): Likewise.
+	* resolv/res_init.c (__res_vinit): Likewise.
+	* time/tzfile.c (__tzfile_read): Likewise.
+	* sysdeps/generic/unsecvars.h: New file.
+	* elf/dl-support.c (non_dynamic_init): Use it here to remove variables.
+	* elf/rtld.c (process_envvars): Likewise.
+	* elf/Makefile (distribute): Add unsecvars.h.
+
 	* misc/daemon.c (daemon): Fail if !noclose and we cannot open the
 	real /dev/null device.
 

catgets/catgets.c

@@ -56,7 +56,7 @@ catopen (const char *cat_name, int flag)
 
       env_var_len = strlen (env_var) + 1;
 
-      nlspath = __secure_getenv ("NLSPATH");
+      nlspath = getenv ("NLSPATH");
       if (nlspath != NULL && *nlspath != '\0')
 	{
 	  /* Append the system dependent directory.  */

elf/Makefile

@@ -46,7 +46,7 @@ distribute	:= $(rtld-routines:=.c) dynamic-link.h do-rel.h dl-machine.h \
 		   testobj1.c testobj2.c testobj3.c testobj4.c testobj5.c \
 		   testobj6.c testobj1_1.c failobj.c unloadmod.c \
 		   ldconfig.h ldconfig.c cache.c readlib.c readelflib.c \
-		   dep1.c dep2.c dep3.c dep4.c dl-dtprocnum.h \
+		   dep1.c dep2.c dep3.c dep4.c dl-dtprocnum.h unsecvars.h \
 		   vismain.c vismod1.c vismod2.c vismod3.c \
 		   constload2.c constload3.c filtmod1.c filtmod2.c \
 		   nodlopenmod.c nodelete.c nodelmod1.c nodelmod2.c \

elf/dl-support.c

@@ -27,6 +27,8 @@
 #include <ldsodefs.h>
 #include <dl-machine.h>
 #include <bits/libc-lock.h>
+#include <dl-librecon.h>
+#include <unsecvars.h>
 
 extern char *__progname;
 char **_dl_argv = &__progname;	/* This is checked for some error messages.  */
@@ -125,6 +127,26 @@ non_dynamic_init (void)
 
   _dl_dynamic_weak = *(getenv ("LD_DYNAMIC_WEAK") ?: "") == '\0';
 
+  if (__libc_enable_secure)
+    {
+      static const char *unsecure_envvars[] =
+      {
+	UNSECURE_ENVVARS,
+#ifdef EXTRA_UNSECURE_ENVVARS
+	EXTRA_UNSECURE_ENVVARS
+#endif
+      };
+      size_t cnt;
+
+      for (cnt = 0;
+	   cnt < sizeof (unsecure_envvars) / sizeof (unsecure_envvars[0]);
+	   ++cnt)
+	unsetenv (unsecure_envvars[cnt]);
+
+      if (__access ("/etc/suid-debug", F_OK) != 0)
+	unsetenv ("MALLOC_CHECK_");
+    }
+
 #ifdef DL_PLATFORM_INIT
   DL_PLATFORM_INIT;
 #endif

elf/rtld.c

@@ -30,6 +30,7 @@
 #include <bits/libc-lock.h>
 #include "dynamic-link.h"
 #include "dl-librecon.h"
+#include <unsecvars.h>
 
 #include <assert.h>
 
@@ -1465,6 +1466,7 @@ process_envvars (enum mode *modep, int *lazyp)
     {
       static const char *unsecure_envvars[] =
       {
+	UNSECURE_ENVVARS,
 #ifdef EXTRA_UNSECURE_ENVVARS
 	EXTRA_UNSECURE_ENVVARS
 #endif
@@ -1486,6 +1488,9 @@ process_envvars (enum mode *modep, int *lazyp)
 	   cnt < sizeof (unsecure_envvars) / sizeof (unsecure_envvars[0]);
 	   ++cnt)
 	unsetenv (unsecure_envvars[cnt]);
+
+      if (__access ("/etc/suid-debug", F_OK) != 0)
+	unsetenv ("MALLOC_CHECK_");
     }
 
   /* The name of the object to profile cannot be empty.  */

iconv/gconv_conf.c

@@ -420,7 +420,7 @@ __gconv_get_path (void)
       char *cwd;
       size_t cwdlen;
 
-      user_path = __secure_getenv ("GCONV_PATH");
+      user_path = getenv ("GCONV_PATH");
       if (user_path == NULL)
 	{
 	  /* No user-defined path.  Make a modifiable copy of the

locale/newlocale.c

@@ -91,7 +91,7 @@ __newlocale (int category_mask, const char *locale, __locale_t base)
   locale_path = NULL;
   locale_path_len = 0;
 
-  locpath_var = __secure_getenv ("LOCPATH");
+  locpath_var = getenv ("LOCPATH");
   if (locpath_var != NULL && locpath_var[0] != '\0')
     if (__argz_create_sep (locpath_var, ':',
 			   &locale_path, &locale_path_len) != 0)

locale/setlocale.c

@@ -239,7 +239,7 @@ setlocale (int category, const char *locale)
   locale_path = NULL;
   locale_path_len = 0;
 
-  locpath_var = __secure_getenv ("LOCPATH");
+  locpath_var = getenv ("LOCPATH");
   if (locpath_var != NULL && locpath_var[0] != '\0')
     if (__argz_create_sep (locpath_var, ':',
 			   &locale_path, &locale_path_len) != 0)

malloc/malloc.c

@@ -1722,7 +1722,7 @@ ptmalloc_init __MALLOC_P((void))
 	mALLOPt(M_MMAP_MAX, atoi(s));
     }
   s = getenv("MALLOC_CHECK_");
-  if(s && (! secure || access ("/etc/suid-debug", F_OK) == 0)) {
+  if(s) {
     if(s[0]) mALLOPt(M_CHECK_ACTION, (int)(s[0] - '0'));
     __malloc_check_init();
   }

nscd/dbg_log.c

@@ -1,4 +1,4 @@
-/* Copyright (c) 1998 Free Software Foundation, Inc.
+/* Copyright (c) 1998, 2000 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1998.
 
@@ -61,7 +61,7 @@ dbg_log (const char *fmt,...)
   else
     {
       snprintf (msg, sizeof (msg), "%d: %s", getpid (), msg2);
-      syslog (LOG_NOTICE, msg);
+      syslog (LOG_NOTICE, "%s", msg);
     }
   va_end (ap);
 }

resolv/res_hconf.c

@@ -327,7 +327,7 @@ _res_hconf_init (void)
 
   memset (&_res_hconf, '\0', sizeof (_res_hconf));
 
-  hconf_name = __secure_getenv (ENV_HOSTCONF);
+  hconf_name = getenv (ENV_HOSTCONF);
   if (hconf_name == NULL)
     hconf_name = _PATH_HOSTCONF;
 

resolv/res_init.c

@@ -185,7 +185,7 @@ __res_vinit(res_state statp, int preinit) {
 #endif
 
 	/* Allow user to override the local domain definition */
-	if ((cp = __secure_getenv("LOCALDOMAIN")) != NULL) {
+	if ((cp = getenv("LOCALDOMAIN")) != NULL) {
 		(void)strncpy(statp->defdname, cp, sizeof(statp->defdname) - 1);
 		statp->defdname[sizeof(statp->defdname) - 1] = '\0';
 		haveenv++;
@@ -423,7 +423,7 @@ __res_vinit(res_state statp, int preinit) {
 #endif /* !RFC1535 */
 	}
 
-	if ((cp = __secure_getenv("RES_OPTIONS")) != NULL)
+	if ((cp = getenv("RES_OPTIONS")) != NULL)
 		res_setoptions(statp, cp, "env");
 	statp->options |= RES_INIT;
 	return (0);

sysdeps/generic/unsecvars.h

@@ -0,0 +1,11 @@
+/* Environment variable to be removed for SUID programs.  */
+#define UNSECURE_ENVVARS \
+  "GCONV_PATH",								      \
+  "LOCALDOMAIN",							      \
+  "LOCPATH",								      \
+  "MALLOC_TRACE",							      \
+  "NLSPATH",								      \
+  "RESOLV_HOST_CONF"							      \
+  "RES_OPTIONS",							      \
+  "TMPDIR",								      \
+  "TZDIR"

time/tzfile.c

@@ -1,4 +1,4 @@
-/* Copyright (C) 1991,92,93,95,96,97,98,99 Free Software Foundation, Inc.
+/* Copyright (C) 1991,92,93,95,96,97,98,99,2000 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -130,7 +130,7 @@ __tzfile_read (const char *file, size_t extra, char **extrap)
       unsigned int len, tzdir_len;
       char *new, *tmp;
 
-      tzdir = __secure_getenv ("TZDIR");
+      tzdir = getenv ("TZDIR");
       if (tzdir == NULL || *tzdir == '\0')
 	{
 	  tzdir = default_tzdir;