1c1243b6fc
The LD_HWCAP_MASK environment variable may alter the selection of function variants for some architectures. For AT_SECURE process it means that if an outdated routine has a bug that would otherwise not affect newer platforms by default, LD_HWCAP_MASK will allow that bug to be exploited. To be on the safe side, ignore and disable LD_HWCAP_MASK for setuid binaries. [BZ #21209] * elf/rtld.c (process_envvars): Ignore LD_HWCAP_MASK for AT_SECURE processes. * sysdeps/generic/unsecvars.h: Add LD_HWCAP_MASK. * elf/tst-env-setuid.c (test_parent): Test LD_HWCAP_MASK. (test_child): Likewise. * elf/Makefile (tst-env-setuid-ENV): Add LD_HWCAP_MASK.
35 lines
1.1 KiB
C
35 lines
1.1 KiB
C
#if !HAVE_TUNABLES
|
|
# define GLIBC_TUNABLES_ENVVAR "GLIBC_TUNABLES\0"
|
|
#else
|
|
# define GLIBC_TUNABLES_ENVVAR
|
|
#endif
|
|
|
|
/* Environment variable to be removed for SUID programs. The names are
|
|
all stuffed in a single string which means they have to be terminated
|
|
with a '\0' explicitly. */
|
|
#define UNSECURE_ENVVARS \
|
|
"GCONV_PATH\0" \
|
|
"GETCONF_DIR\0" \
|
|
GLIBC_TUNABLES_ENVVAR \
|
|
"HOSTALIASES\0" \
|
|
"LD_AUDIT\0" \
|
|
"LD_DEBUG\0" \
|
|
"LD_DEBUG_OUTPUT\0" \
|
|
"LD_DYNAMIC_WEAK\0" \
|
|
"LD_HWCAP_MASK\0" \
|
|
"LD_LIBRARY_PATH\0" \
|
|
"LD_ORIGIN_PATH\0" \
|
|
"LD_PRELOAD\0" \
|
|
"LD_PROFILE\0" \
|
|
"LD_SHOW_AUXV\0" \
|
|
"LD_USE_LOAD_BIAS\0" \
|
|
"LOCALDOMAIN\0" \
|
|
"LOCPATH\0" \
|
|
"MALLOC_TRACE\0" \
|
|
"NIS_PATH\0" \
|
|
"NLSPATH\0" \
|
|
"RESOLV_HOST_CONF\0" \
|
|
"RES_OPTIONS\0" \
|
|
"TMPDIR\0" \
|
|
"TZDIR\0"
|