diff options
| author | Siddhesh Poyarekar <siddhesh@sourceware.org> | 2017-02-02 15:48:06 +0530 |
|---|---|---|
| committer | Siddhesh Poyarekar <siddhesh@sourceware.org> | 2017-02-02 15:50:24 +0530 |
| commit | ed8d5ffd0a14e84298a15ae2ec9b799010166b28 (patch) | |
| tree | 6cabcdeec197523b72b6e88a1910cd97176f766d | |
| parent | 8b9e9c3c0bae497ad5e2d0ae2f333f62feddcc12 (diff) | |
| download | glibc-ed8d5ffd0a14e84298a15ae2ec9b799010166b28.tar.gz | |
Drop GLIBC_TUNABLES for setxid programs when tunables is disabled (bz #21073)
A setxid program that uses a glibc with tunables disabled may pass on
GLIBC_TUNABLES as is to its child processes. If the child process
ends up using a different glibc that has tunables enabled, it will end
up getting access to unsafe tunables. To fix this, remove
GLIBC_TUNABLES from the environment for setxid process.
* sysdeps/generic/unsecvars.h: Add GLIBC_TUNABLES.
* elf/tst-env-setuid-tunables.c
(test_child_tunables)[!HAVE_TUNABLES]: Verify that
GLIBC_TUNABLES is removed in a setgid process.
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | elf/tst-env-setuid-tunables.c | 9 | ||||
| -rw-r--r-- | sysdeps/generic/unsecvars.h | 7 |
3 files changed, 21 insertions, 0 deletions
@@ -1,5 +1,10 @@ 2017-02-02 Siddhesh Poyarekar <siddhesh@sourceware.org> + * sysdeps/generic/unsecvars.h: Add GLIBC_TUNABLES. + * elf/tst-env-setuid-tunables.c + (test_child_tunables)[!HAVE_TUNABLES]: Verify that + GLIBC_TUNABLES is removed in a setgid process. + [BZ #21073] * elf/dl-tunable-types.h (tunable_seclevel_t): New enum. * elf/dl-tunables.c (tunables_strdup): Remove. diff --git a/elf/tst-env-setuid-tunables.c b/elf/tst-env-setuid-tunables.c index a563f69972..a5f0a81ef3 100644 --- a/elf/tst-env-setuid-tunables.c +++ b/elf/tst-env-setuid-tunables.c @@ -36,6 +36,7 @@ test_child_tunables (void) { const char *val = getenv ("GLIBC_TUNABLES"); +#if HAVE_TUNABLES if (val != NULL && strcmp (val, CHILD_VALSTRING_VALUE) == 0) return 0; @@ -43,6 +44,14 @@ test_child_tunables (void) printf ("Unexpected GLIBC_TUNABLES VALUE %s\n", val); return 1; +#else + if (val != NULL) + { + printf ("GLIBC_TUNABLES not cleared\n"); + return 1; + } + return 0; +#endif } static int diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h index d5b8119c9c..a74083786e 100644 --- a/sysdeps/generic/unsecvars.h +++ b/sysdeps/generic/unsecvars.h @@ -1,9 +1,16 @@ +#if !HAVE_TUNABLES +# define GLIBC_TUNABLES_ENVVAR "GLIBC_TUNABLES\0" +#else +# define GLIBC_TUNABLES_ENVVAR +#endif + /* Environment variable to be removed for SUID programs. The names are all stuffed in a single string which means they have to be terminated with a '\0' explicitly. */ #define UNSECURE_ENVVARS \ "GCONV_PATH\0" \ "GETCONF_DIR\0" \ + GLIBC_TUNABLES_ENVVAR \ "HOSTALIASES\0" \ "LD_AUDIT\0" \ "LD_DEBUG\0" \ |