[glibc/azanella/tunables] elf: Remove unsecvars

[Adhemerval Zanella <azanella@sourceware.org>]

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5abf7fd23ddd7674673c57ef1a3b638dcd25abfa

commit 5abf7fd23ddd7674673c57ef1a3b638dcd25abfa
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date:   Wed Oct 4 16:21:14 2023 -0300

    elf: Remove unsecvars
    
    TODO

Diff:
---
 elf/dl-support.c            | 15 ---------------
 elf/rtld.c                  | 17 +++--------------
 sysdeps/generic/unsecvars.h | 26 --------------------------
 3 files changed, 3 insertions(+), 55 deletions(-)

diff --git a/elf/dl-support.c b/elf/dl-support.c
index 44a54dea07..7cd0c3dff9 100644
--- a/elf/dl-support.c
+++ b/elf/dl-support.c
@@ -36,7 +36,6 @@
 #include <libc-lock.h>
 #include <dl-cache.h>
 #include <dl-procinfo.h>
-#include <unsecvars.h>
 #include <hp-timing.h>
 #include <stackinfo.h>
 #include <dl-vdso.h>
@@ -306,20 +305,6 @@ _dl_non_dynamic_init (void)
     _dl_profile_output
       = &"/var/tmp\0/var/profile"[__libc_enable_secure ? 9 : 0];
 
-  if (__libc_enable_secure)
-    {
-      static const char unsecure_envvars[] =
-	UNSECURE_ENVVARS
-	;
-      const char *cp = unsecure_envvars;
-
-      while (cp < unsecure_envvars + sizeof (unsecure_envvars))
-	{
-	  __unsetenv (cp);
-	  cp = strchr (cp, '\0') + 1;
-	}
-    }
-
 #ifdef DL_PLATFORM_INIT
   DL_PLATFORM_INIT;
 #endif
diff --git a/elf/rtld.c b/elf/rtld.c
index 318a3661f0..618d985baf 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -32,7 +32,6 @@
 #include <fpu_control.h>
 #include <hp-timing.h>
 #include <libc-lock.h>
-#include <unsecvars.h>
 #include <dl-cache.h>
 #include <dl-osinfo.h>
 #include <dl-procinfo.h>
@@ -2658,24 +2657,14 @@ process_envvars (struct dl_main_state *state)
 	}
     }
 
-  /* Extra security for SUID binaries.  Remove all dangerous environment
-     variables.  */
+  /* If we have to run the dynamic linker in debugging mode and the
+     LD_DEBUG_OUTPUT environment variable is given, we write the debug
+     messages to this file.  */
   if (__glibc_unlikely (__libc_enable_secure))
     {
-      const char *nextp = UNSECURE_ENVVARS;
-      do
-	{
-	  unsetenv (nextp);
-	  nextp = strchr (nextp, '\0') + 1;
-	}
-      while (*nextp != '\0');
-
       if (state->mode != rtld_mode_normal)
 	_exit (5);
     }
-  /* If we have to run the dynamic linker in debugging mode and the
-     LD_DEBUG_OUTPUT environment variable is given, we write the debug
-     messages to this file.  */
   else if (state->any_debug && debug_output != NULL)
     {
       const int flags = O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW;
diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h
deleted file mode 100644
index 8278c50a84..0000000000
--- a/sysdeps/generic/unsecvars.h
+++ /dev/null
@@ -1,26 +0,0 @@
-/* Environment variable to be removed for SUID programs.  The names are
-   all stuffed in a single string which means they have to be terminated
-   with a '\0' explicitly.  */
-#define UNSECURE_ENVVARS \
-  "GCONV_PATH\0"							      \
-  "GETCONF_DIR\0"							      \
-  "HOSTALIASES\0"							      \
-  "LD_AUDIT\0"								      \
-  "LD_DEBUG\0"								      \
-  "LD_DEBUG_OUTPUT\0"							      \
-  "LD_DYNAMIC_WEAK\0"							      \
-  "LD_HWCAP_MASK\0"							      \
-  "LD_LIBRARY_PATH\0"							      \
-  "LD_ORIGIN_PATH\0"							      \
-  "LD_PRELOAD\0"							      \
-  "LD_PROFILE\0"							      \
-  "LD_SHOW_AUXV\0"							      \
-  "LOCALDOMAIN\0"							      \
-  "LOCPATH\0"								      \
-  "MALLOC_TRACE\0"							      \
-  "NIS_PATH\0"								      \
-  "NLSPATH\0"								      \
-  "RESOLV_HOST_CONF\0"							      \
-  "RES_OPTIONS\0"							      \
-  "TMPDIR\0"								      \
-  "TZDIR\0"