diff options
author | Siddhesh Poyarekar <siddhesh@sourceware.org> | 2017-02-02 15:48:06 +0530 |
---|---|---|
committer | Siddhesh Poyarekar <siddhesh@sourceware.org> | 2017-02-02 15:50:24 +0530 |
commit | ed8d5ffd0a14e84298a15ae2ec9b799010166b28 (patch) | |
tree | 6cabcdeec197523b72b6e88a1910cd97176f766d /scripts/lib-names.awk | |
parent | 8b9e9c3c0bae497ad5e2d0ae2f333f62feddcc12 (diff) | |
download | glibc-ed8d5ffd0a14e84298a15ae2ec9b799010166b28.zip glibc-ed8d5ffd0a14e84298a15ae2ec9b799010166b28.tar.gz glibc-ed8d5ffd0a14e84298a15ae2ec9b799010166b28.tar.bz2 |
Drop GLIBC_TUNABLES for setxid programs when tunables is disabled (bz #21073)
A setxid program that uses a glibc with tunables disabled may pass on
GLIBC_TUNABLES as is to its child processes. If the child process
ends up using a different glibc that has tunables enabled, it will end
up getting access to unsafe tunables. To fix this, remove
GLIBC_TUNABLES from the environment for setxid process.
* sysdeps/generic/unsecvars.h: Add GLIBC_TUNABLES.
* elf/tst-env-setuid-tunables.c
(test_child_tunables)[!HAVE_TUNABLES]: Verify that
GLIBC_TUNABLES is removed in a setgid process.
Diffstat (limited to 'scripts/lib-names.awk')
0 files changed, 0 insertions, 0 deletions