lib/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2025-07-29 11:41:21 +03:00
Code Activity

Drop GLIBC_TUNABLES for setxid programs when tunables is disabled (bz #21073)

Browse Source 
A setxid program that uses a glibc with tunables disabled may pass on
GLIBC_TUNABLES as is to its child processes.  If the child process
ends up using a different glibc that has tunables enabled, it will end
up getting access to unsafe tunables.  To fix this, remove
GLIBC_TUNABLES from the environment for setxid process.

	* sysdeps/generic/unsecvars.h: Add GLIBC_TUNABLES.
	* elf/tst-env-setuid-tunables.c
	(test_child_tunables)[!HAVE_TUNABLES]: Verify that
	GLIBC_TUNABLES is removed in a setgid process.
This commit is contained in:
Siddhesh Poyarekar
2017-02-02 15:48:06 +05:30
parent 8b9e9c3c0b
commit ed8d5ffd0a
3 changed files with 21 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
elf/tst-env-setuid-tunables.c
View File

@ -36,6 +36,7 @@ test_child_tunables (void)
{
const char *val = getenv ("GLIBC_TUNABLES");
#if HAVE_TUNABLES
if (val != NULL && strcmp (val, CHILD_VALSTRING_VALUE) == 0)
return 0;
@ -43,6 +44,14 @@ test_child_tunables (void)
printf ("Unexpected GLIBC_TUNABLES VALUE %s\n", val);
return 1;
#else
if (val != NULL)
{
printf ("GLIBC_TUNABLES not cleared\n");
return 1;
}
return 0;
#endif
}
static int