diff options
| author | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2024-05-06 13:18:48 -0300 |
|---|---|---|
| committer | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2024-05-07 12:16:36 -0300 |
| commit | eb59c7b43dd5c64c38e4c3cd21e7ad75d8d29cb0 (patch) | |
| tree | 1e328170bed00764e57cb25bda2a1829e1da4f6a /elf/dl-tunables.c | |
| parent | 1e1ad714ee9a663eda0e2bffad1d9f258b00a4e9 (diff) | |
| download | glibc-eb59c7b43dd5c64c38e4c3cd21e7ad75d8d29cb0.zip glibc-eb59c7b43dd5c64c38e4c3cd21e7ad75d8d29cb0.tar.gz glibc-eb59c7b43dd5c64c38e4c3cd21e7ad75d8d29cb0.tar.bz2 | |
elf: Make glibc.rtld.enable_secure ignore alias environment variables
Tunable with environment variables aliases are also ignored if
glibc.rtld.enable_secure is enabled. The tunable parsing is also
optimized a bit, where the loop that checks each environment variable
only checks for the tunables with aliases instead of all tables.
Checked on aarch64-linux-gnu and x86_64-linux-gnu.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Diffstat (limited to 'elf/dl-tunables.c')
| -rw-r--r-- | elf/dl-tunables.c | 36 |
1 files changed, 27 insertions, 9 deletions
diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c index 63cf8c7..147cc4c 100644 --- a/elf/dl-tunables.c +++ b/elf/dl-tunables.c @@ -300,6 +300,9 @@ __tunables_init (char **envp) if (__libc_enable_secure) return; + enum { tunable_num_env_alias = array_length (tunable_env_alias_list) }; + struct tunable_toset_t tunables_env_alias[tunable_num_env_alias] = { 0 }; + while ((envp = get_next_env (envp, &envname, &envval, &prev_envp)) != NULL) { /* The environment variable is allocated on the stack by the kernel, so @@ -311,29 +314,44 @@ __tunables_init (char **envp) continue; } - for (int i = 0; i < tunables_list_size; i++) + for (int i = 0; i < tunable_num_env_alias; i++) { - tunable_t *cur = &tunable_list[i]; + tunable_t *cur = &tunable_list[tunable_env_alias_list[i]]; + const char *name = cur->env_alias; - /* Skip over tunables that have either been set already or should be - skipped. */ - if (cur->initialized || cur->env_alias[0] == '\0') + if (name[0] == '\0') continue; - const char *name = cur->env_alias; - - /* We have a match. Initialize and move on to the next line. */ if (tunable_is_name (name, envname)) { size_t envvallen = 0; /* The environment variable is always null-terminated. */ for (const char *p = envval; *p != '\0'; p++, envvallen++); - tunable_initialize (cur, envval, envvallen); + tunables_env_alias[i] = + (struct tunable_toset_t) { cur, envval, envvallen }; break; } } } + + /* Check if glibc.rtld.enable_secure was set and skip over the environment + variables aliases. */ + if (__libc_enable_secure) + return; + + for (int i = 0; i < tunable_num_env_alias; i++) + { + /* Skip over tunables that have either been set or already initialized. */ + if (tunables_env_alias[i].t == NULL + || tunables_env_alias[i].t->initialized) + continue; + + if (!tunable_initialize (tunables_env_alias[i].t, + tunables_env_alias[i].value, + tunables_env_alias[i].len)) + parse_tunable_print_error (&tunables_env_alias[i]); + } } void |