mirror of
				https://sourceware.org/git/glibc.git
				synced 2025-10-24 13:33:08 +03:00 
			
		
		
		
	The LD_HWCAP_MASK environment variable may alter the selection of function variants for some architectures. For AT_SECURE process it means that if an outdated routine has a bug that would otherwise not affect newer platforms by default, LD_HWCAP_MASK will allow that bug to be exploited. To be on the safe side, ignore and disable LD_HWCAP_MASK for setuid binaries. [BZ #21209] * elf/rtld.c (process_envvars): Ignore LD_HWCAP_MASK for AT_SECURE processes. * sysdeps/generic/unsecvars.h: Add LD_HWCAP_MASK. * elf/tst-env-setuid.c (test_parent): Test LD_HWCAP_MASK. (test_child): Likewise. * elf/Makefile (tst-env-setuid-ENV): Add LD_HWCAP_MASK.
		
			
				
	
	
		
			35 lines
		
	
	
		
			1.1 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			35 lines
		
	
	
		
			1.1 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| #if !HAVE_TUNABLES
 | |
| # define GLIBC_TUNABLES_ENVVAR "GLIBC_TUNABLES\0"
 | |
| #else
 | |
| # define GLIBC_TUNABLES_ENVVAR
 | |
| #endif
 | |
| 
 | |
| /* Environment variable to be removed for SUID programs.  The names are
 | |
|    all stuffed in a single string which means they have to be terminated
 | |
|    with a '\0' explicitly.  */
 | |
| #define UNSECURE_ENVVARS \
 | |
|   "GCONV_PATH\0"							      \
 | |
|   "GETCONF_DIR\0"							      \
 | |
|   GLIBC_TUNABLES_ENVVAR							      \
 | |
|   "HOSTALIASES\0"							      \
 | |
|   "LD_AUDIT\0"								      \
 | |
|   "LD_DEBUG\0"								      \
 | |
|   "LD_DEBUG_OUTPUT\0"							      \
 | |
|   "LD_DYNAMIC_WEAK\0"							      \
 | |
|   "LD_HWCAP_MASK\0"							      \
 | |
|   "LD_LIBRARY_PATH\0"							      \
 | |
|   "LD_ORIGIN_PATH\0"							      \
 | |
|   "LD_PRELOAD\0"							      \
 | |
|   "LD_PROFILE\0"							      \
 | |
|   "LD_SHOW_AUXV\0"							      \
 | |
|   "LD_USE_LOAD_BIAS\0"							      \
 | |
|   "LOCALDOMAIN\0"							      \
 | |
|   "LOCPATH\0"								      \
 | |
|   "MALLOC_TRACE\0"							      \
 | |
|   "NIS_PATH\0"								      \
 | |
|   "NLSPATH\0"								      \
 | |
|   "RESOLV_HOST_CONF\0"							      \
 | |
|   "RES_OPTIONS\0"							      \
 | |
|   "TMPDIR\0"								      \
 | |
|   "TZDIR\0"
 |