[prev in list] [next in list] [prev in thread] [next in thread]
List: glibc-alpha
Subject: [PATCH 0/2] Environment variable security and tunables
From: Siddhesh Poyarekar <siddhesh () sourceware ! org>
Date: 2017-01-29 17:23:08
Message-ID: 1485709870-25804-1-git-send-email-siddhesh () sourceware ! org
[Download RAW message or body]
Hi,
Here's a patchset that fixes environment variable processing for AT_SECURE
processes. The second patch removes GLIBC_TUNABLES from AT_SECURE processes
even when tunables are not built, to avoid passing on the variable (and hence
unsafe tunables) to child processes who may end up loading a glibc with
tunables enabled.
I will follow up with a patch for 2.24 to add GLIBC_TUNABLES to
unsecure-envvars.
Siddhesh
Siddhesh Poyarekar (2):
tunables: Fix environment variable processing for setuid binaries
Erase GLIBC_TUNABLES for setxid processes when tunables is disabled
elf/dl-tunable-types.h | 15 +++++
elf/dl-tunables.c | 165 +++++++++++++++++++++++++++++------------------
elf/dl-tunables.h | 64 ++++++++++++++++--
elf/dl-tunables.list | 16 ++++-
scripts/gen-tunables.awk | 8 +--
5 files changed, 191 insertions(+), 77 deletions(-)
--
2.7.4
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic