Ignore and remove LD_HWCAP_MASK for AT_SECURE programs (bug #21209)linaro/2.23/master

The LD_HWCAP_MASK environment variable may alter the selection of function variants for some architectures. For AT_SECURE process it means that if an outdated routine has a bug that would otherwise not affect newer platforms by default, LD_HWCAP_MASK will allow that bug to be exploited. To be on the safe side, ignore and disable LD_HWCAP_MASK for setuid binaries. [BZ #21209] * elf/rtld.c (process_envvars): Ignore LD_HWCAP_MASK for AT_SECURE processes. * sysdeps/generic/unsecvars.h: Add LD_HWCAP_MASK. (cherry picked from commit 1c1243b6fc33c029488add276e56570a07803bfd)
author: Siddhesh Poyarekar <siddhesh@sourceware.org> 2017-03-07 20:52:04 +0530
committer: Adhemerval Zanella <adhemerval.zanella@linaro.org> 2017-07-13 11:36:20 -0300
commit: ceeb0740ed04c48170f9f6f15fef55637ad84e1b (patch)
tree: 2adf4d58544aa760f7fe33a82dd1c3c6c32a0db8
parent: 24adabbe17d24b9cf4f42d81f546359f72515ce3 (diff)
download: glibc-linaro/2.23/master.tar.gz
4 files changed, 11 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index ce6fa9a83e..c23d1ecdc9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2017-03-07  Siddhesh Poyarekar  <siddhesh@sourceware.org>
+
+	[BZ #21209]
+	* elf/rtld.c (process_envvars): Ignore LD_HWCAP_MASK for
+	AT_SECURE processes.
+	* sysdeps/generic/unsecvars.h: Add LD_HWCAP_MASK.
+
 2017-06-19  Florian Weimer  <fweimer@redhat.com>
 
 	* elf/rtld.c (audit_list_string): New variable.
diff --git a/NEWS b/NEWS
index 76a7f6a193..017d3c14f6 100644
--- a/NEWS
+++ b/NEWS
@@ -42,6 +42,7 @@ The following bugs are resolved with this release:
     (CVE-2016-3075)
   [20177] $dp is not initialized correctly in sysdeps/hppa/start.S
   [20357] Incorrect cos result for 1.5174239687223976
+  [21209] Ignore and remove LD_HWCAP_MASK for AT_SECURE programs
   [21289] Fix symbol redirect for fts_set
   [21624] Unsafe alloca allows local attackers to alias stack and heap (CVE-2017-1000366)
 
diff --git a/elf/rtld.c b/elf/rtld.c
index 302bb63620..8f56d6edd3 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -2553,7 +2553,8 @@ process_envvars (enum mode *modep)
 
 	case 10:
 	  /* Mask for the important hardware capabilities.  */
-	  if (memcmp (envline, "HWCAP_MASK", 10) == 0)
+	  if (!__libc_enable_secure
+	      && memcmp (envline, "HWCAP_MASK", 10) == 0)
 	    GLRO(dl_hwcap_mask) = __strtoul_internal (&envline[11], NULL,
 						      0, 0);
 	  break;
diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h
index 3e56538b51..ac57bd5db0 100644
--- a/sysdeps/generic/unsecvars.h
+++ b/sysdeps/generic/unsecvars.h
@@ -10,6 +10,7 @@
   "LD_DEBUG\0"								      \
   "LD_DEBUG_OUTPUT\0"							      \
   "LD_DYNAMIC_WEAK\0"							      \
+  "LD_HWCAP_MASK\0"							      \
   "LD_LIBRARY_PATH\0"							      \
   "LD_ORIGIN_PATH\0"							      \
   "LD_PRELOAD\0"							      \
author	Siddhesh Poyarekar <siddhesh@sourceware.org>	2017-03-07 20:52:04 +0530
committer	Adhemerval Zanella <adhemerval.zanella@linaro.org>	2017-07-13 11:36:20 -0300
commit	ceeb0740ed04c48170f9f6f15fef55637ad84e1b (patch)
tree	2adf4d58544aa760f7fe33a82dd1c3c6c32a0db8
parent	24adabbe17d24b9cf4f42d81f546359f72515ce3 (diff)
download	glibc-linaro/2.23/master.tar.gz