From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <maskray@sourceware.org>
Received: by sourceware.org (Postfix, from userid 7814)
 id 3426A3858D3C; Tue, 19 Apr 2022 22:52:29 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 3426A3858D3C
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Fangrui Song <maskray@sourceware.org>
To: glibc-cvs@sourceware.org
Subject: [glibc] elf: Remove __libc_init_secure
X-Act-Checkin: glibc
X-Git-Author: Fangrui Song <maskray@google.com>
X-Git-Refname: refs/heads/master
X-Git-Oldrev: 78fb88827362fbd2cc8aa32892ae5b015106e25c
X-Git-Newrev: 3e9acce8c50883b6cd8a3fb653363d9fa21e1608
Message-Id: <20220419225229.3426A3858D3C@sourceware.org>
Date: Tue, 19 Apr 2022 22:52:29 +0000 (GMT)
X-BeenThere: glibc-cvs@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Glibc-cvs mailing list <glibc-cvs.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/glibc-cvs>,
 <mailto:glibc-cvs-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/glibc-cvs/>
List-Help: <mailto:glibc-cvs-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/glibc-cvs>,
 <mailto:glibc-cvs-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Apr 2022 22:52:29 -0000

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3e9acce8c50883b6cd8a3fb653363d9fa21e1608

commit 3e9acce8c50883b6cd8a3fb653363d9fa21e1608
Author: Fangrui Song <maskray@google.com>
Date:   Tue Apr 19 15:52:27 2022 -0700

    elf: Remove __libc_init_secure
    
    After 73fc4e28b9464f0e13edc719a5372839970e7ddb,
    __libc_enable_secure_decided is always 0 and a statically linked
    executable may overwrite __libc_enable_secure without considering
    AT_SECURE.
    
    The __libc_enable_secure has been correctly initialized in _dl_aux_init,
    so just remove __libc_enable_secure_decided and __libc_init_secure.
    This allows us to remove some startup_get*id functions from
    22b79ed7f413cd980a7af0cf258da5bf82b6d5e5.
    
    Reviewed-by: Florian Weimer <fweimer@redhat.com>

Diff:
---
 csu/libc-start.c                       |  3 ---
 elf/enbl-secure.c                      | 10 ----------
 include/libc-internal.h                |  3 ---
 include/unistd.h                       |  1 -
 sysdeps/generic/startup.h              | 24 ------------------------
 sysdeps/mach/hurd/enbl-secure.c        | 30 ------------------------------
 sysdeps/mach/hurd/i386/init-first.c    |  4 ----
 sysdeps/unix/sysv/linux/i386/startup.h | 24 ------------------------
 8 files changed, 99 deletions(-)

diff --git a/csu/libc-start.c b/csu/libc-start.c
index e91f996426..b34bb6dbbc 100644
--- a/csu/libc-start.c
+++ b/csu/libc-start.c
@@ -285,9 +285,6 @@ LIBC_START_MAIN (int (*main) (int, char **, char ** MAIN_AUXVEC_DECL),
         }
     }
 
-  /* Initialize very early so that tunables can use it.  */
-  __libc_init_secure ();
-
   __tunables_init (__environ);
 
   ARCH_INIT_CPU_FEATURES ();
diff --git a/elf/enbl-secure.c b/elf/enbl-secure.c
index aa2a0bd877..4e4d66822b 100644
--- a/elf/enbl-secure.c
+++ b/elf/enbl-secure.c
@@ -26,15 +26,5 @@
 #include <startup.h>
 #include <libc-internal.h>
 
-/* If nonzero __libc_enable_secure is already set.  */
-int __libc_enable_secure_decided;
 /* Safest assumption, if somehow the initializer isn't run.  */
 int __libc_enable_secure = 1;
-
-void
-__libc_init_secure (void)
-{
-  if (__libc_enable_secure_decided == 0)
-    __libc_enable_secure = (startup_geteuid () != startup_getuid ()
-			    || startup_getegid () != startup_getgid ());
-}
diff --git a/include/libc-internal.h b/include/libc-internal.h
index 15920d2bde..c052bccb27 100644
--- a/include/libc-internal.h
+++ b/include/libc-internal.h
@@ -21,9 +21,6 @@
 
 #include <hp-timing.h>
 
-/* Initialize the `__libc_enable_secure' flag.  */
-extern void __libc_init_secure (void);
-
 /* Discover the tick frequency of the machine if something goes wrong,
    we return 0, an impossible hertz.  */
 extern int __profile_frequency (void);
diff --git a/include/unistd.h b/include/unistd.h
index 7090169601..af795a37c8 100644
--- a/include/unistd.h
+++ b/include/unistd.h
@@ -192,7 +192,6 @@ libc_hidden_proto (__tcsetpgrp)
    and some functions contained in the C library ignore various
    environment variables that normally affect them.  */
 extern int __libc_enable_secure attribute_relro;
-extern int __libc_enable_secure_decided;
 rtld_hidden_proto (__libc_enable_secure)
 
 
diff --git a/sysdeps/generic/startup.h b/sysdeps/generic/startup.h
index 99509404eb..45979ab231 100644
--- a/sysdeps/generic/startup.h
+++ b/sysdeps/generic/startup.h
@@ -23,27 +23,3 @@
 
 /* Use macro instead of inline function to avoid including <stdio.h>.  */
 #define _startup_fatal(message) __libc_fatal ((message))
-
-static inline uid_t
-startup_getuid (void)
-{
-  return __getuid ();
-}
-
-static inline uid_t
-startup_geteuid (void)
-{
-  return __geteuid ();
-}
-
-static inline gid_t
-startup_getgid (void)
-{
-  return __getgid ();
-}
-
-static inline gid_t
-startup_getegid (void)
-{
-  return __getegid ();
-}
diff --git a/sysdeps/mach/hurd/enbl-secure.c b/sysdeps/mach/hurd/enbl-secure.c
deleted file mode 100644
index 8c02789ecf..0000000000
--- a/sysdeps/mach/hurd/enbl-secure.c
+++ /dev/null
@@ -1,30 +0,0 @@
-/* Define and initialize the `__libc_enable_secure' flag.  Hurd version.
-   Copyright (C) 1998-2022 Free Software Foundation, Inc.
-   This file is part of the GNU C Library.
-
-   The GNU C Library is free software; you can redistribute it and/or
-   modify it under the terms of the GNU Lesser General Public
-   License as published by the Free Software Foundation; either
-   version 2.1 of the License, or (at your option) any later version.
-
-   The GNU C Library is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   Lesser General Public License for more details.
-
-   You should have received a copy of the GNU Lesser General Public
-   License along with the GNU C Library; if not, see
-   <https://www.gnu.org/licenses/>.  */
-
-/* There is no need for this file in the Hurd; it is just a placeholder
-   to prevent inclusion of the sysdeps/generic version.
-   In the shared library, the `__libc_enable_secure' variable is defined
-   by the dynamic linker in dl-sysdep.c and set there.
-   In the static library, it is defined in init-first.c and set there.  */
-
-#include <libc-internal.h>
-
-void
-__libc_init_secure (void)
-{
-}
diff --git a/sysdeps/mach/hurd/i386/init-first.c b/sysdeps/mach/hurd/i386/init-first.c
index 1229b59114..534a796e0d 100644
--- a/sysdeps/mach/hurd/i386/init-first.c
+++ b/sysdeps/mach/hurd/i386/init-first.c
@@ -38,10 +38,6 @@ extern void __init_misc (int, char **, char **);
 unsigned long int __hurd_threadvar_stack_offset;
 unsigned long int __hurd_threadvar_stack_mask;
 
-#ifndef SHARED
-int __libc_enable_secure;
-#endif
-
 extern int __libc_argc attribute_hidden;
 extern char **__libc_argv attribute_hidden;
 extern char **_dl_argv;
diff --git a/sysdeps/unix/sysv/linux/i386/startup.h b/sysdeps/unix/sysv/linux/i386/startup.h
index aab8e26ca7..67c9310f3a 100644
--- a/sysdeps/unix/sysv/linux/i386/startup.h
+++ b/sysdeps/unix/sysv/linux/i386/startup.h
@@ -32,30 +32,6 @@ _startup_fatal (const char *message __attribute__ ((unused)))
   ABORT_INSTRUCTION;
   __builtin_unreachable ();
 }
-
-static inline uid_t
-startup_getuid (void)
-{
-  return (uid_t) INTERNAL_SYSCALL_CALL (getuid32);
-}
-
-static inline uid_t
-startup_geteuid (void)
-{
-  return (uid_t) INTERNAL_SYSCALL_CALL (geteuid32);
-}
-
-static inline gid_t
-startup_getgid (void)
-{
-  return (gid_t) INTERNAL_SYSCALL_CALL (getgid32);
-}
-
-static inline gid_t
-startup_getegid (void)
-{
-  return (gid_t) INTERNAL_SYSCALL_CALL (getegid32);
-}
 #else
 # include_next <startup.h>
 #endif