List:       glibc-alpha
Subject:    [PATCH 0/2] Environment variable security and tunables
From:       Siddhesh Poyarekar <siddhesh () sourceware ! org>
Date:       2017-01-29 17:23:08
Message-ID: 1485709870-25804-1-git-send-email-siddhesh () sourceware ! org

Hi,

Here's a patchset that fixes environment variable processing for AT_SECURE
processes.  The second patch removes GLIBC_TUNABLES from AT_SECURE processes
even when tunables are not built, to avoid passing on the variable (and hence
unsafe tunables) to child processes who may end up loading a glibc with
tunables enabled.

I will follow up with a patch for 2.24 to add GLIBC_TUNABLES to
unsecure-envvars.

Siddhesh

Siddhesh Poyarekar (2):
  tunables: Fix environment variable processing for setuid binaries
  Erase GLIBC_TUNABLES for setxid processes when tunables is disabled

 elf/dl-tunable-types.h   |  15 +++++
 elf/dl-tunables.c        | 165 +++++++++++++++++++++++++++++------------------
 elf/dl-tunables.h        |  64 ++++++++++++++++--
 elf/dl-tunables.list     |  16 ++++-
 scripts/gen-tunables.awk |   8 +--
 5 files changed, 191 insertions(+), 77 deletions(-)

-- 
2.7.4
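
The scrubbing behaviour the cover letter describes (dropping GLIBC_TUNABLES in an AT_SECURE process so it is not handed on to children), as an added example that is not part of the original message and is not glibc's code. The function names and the sample environment are constructed for illustration; the sketch also covers duplicate entries and longer variable names that merely share the prefix.

```c
#include <stddef.h>
#include <string.h>
#include <sys/auxv.h>   /* getauxval(), AT_SECURE (Linux) */

/* Nonzero when the kernel flagged this exec as AT_SECURE (e.g. setuid/setgid). */
int process_is_secure(void)
{
    return getauxval(AT_SECURE) != 0;
}

/* Remove every "name=..." entry from a NULL-terminated envp in place.
   Matches the exact name only, and removes duplicates too.
   Returns the number of entries removed. */
size_t scrub_env(char **envp, const char *name)
{
    size_t len = strlen(name), removed = 0;
    char **out = envp;

    for (char **in = envp; *in != NULL; in++) {
        if (strncmp(*in, name, len) == 0 && (*in)[len] == '=')
            removed++;
        else
            *out++ = *in;
    }
    *out = NULL;
    return removed;
}

/* Constructed sample environment; returns how many entries remain after
   applying the policy "scrub GLIBC_TUNABLES only when secure". */
size_t demo_remaining(int secure)
{
    char *env[] = {
        "PATH=/usr/bin",
        "GLIBC_TUNABLES=glibc.malloc.check=3",
        "GLIBC_TUNABLES_NOTE=kept",  /* longer name, must survive */
        "GLIBC_TUNABLES=",           /* duplicate entry, also removed */
        "HOME=/root",
        NULL
    };
    size_t n = 0;

    if (secure)
        scrub_env(env, "GLIBC_TUNABLES");
    while (env[n] != NULL)
        n++;
    return n;
}
```

A privileged program that spawns children would pass `process_is_secure()` as the `secure` decision and scrub its environment before any `exec`.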
