diff options
| author | Siddhesh Poyarekar <siddhesh@sourceware.org> | 2017-02-02 16:15:45 +0530 |
|---|---|---|
| committer | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2017-04-06 10:55:17 -0300 |
| commit | ccae0be67362d2d4c56863cd2327e2c7c03a3c7f (patch) | |
| tree | 369ff510659b2f04fcc16a62f5a9a6f88d041048 | |
| parent | f0a8620883f1769c5161c5389373a7e828f7eaf9 (diff) | |
| download | glibc-ccae0be67362d2d4c56863cd2327e2c7c03a3c7f.zip glibc-ccae0be67362d2d4c56863cd2327e2c7c03a3c7f.tar.gz glibc-ccae0be67362d2d4c56863cd2327e2c7c03a3c7f.tar.bz2 | |
Drop GLIBC_TUNABLES in setxid processes
Drop the GLIBC_TUNABLES environment variable from the environment of
setxid processes to avoid passing it on to non-setxid children. This
prevents potentially insecure tunables in the GLIBC_TUNABLES envvar
from crossing over into a child that may use a libc that has tunables
support.
* sysdeps/generic/unsecvars.h: Add GLIBC_TUNABLES.
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | sysdeps/generic/unsecvars.h | 1 |
2 files changed, 5 insertions, 0 deletions
@@ -1,3 +1,7 @@ +2017-04-06 Siddhesh Poyarekar <siddhesh@sourceware.org> + + * sysdeps/generic/unsecvars.h: Add GLIBC_TUNABLES. + 2017-04-06 Denis Kaganovich <mahatma@eu.by> Magnus Granberg <zorry@gentoo.org> Mike Frysinger <vapier@gentoo.org> diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h index d5b8119..3e56538 100644 --- a/sysdeps/generic/unsecvars.h +++ b/sysdeps/generic/unsecvars.h @@ -4,6 +4,7 @@ #define UNSECURE_ENVVARS \ "GCONV_PATH\0" \ "GETCONF_DIR\0" \ + "GLIBC_TUNABLES\0" \ "HOSTALIASES\0" \ "LD_AUDIT\0" \ "LD_DEBUG\0" \ |