* [glibc/azanella/tunables] elf: Remove unsecvars
@ 2023-10-04 19:28 Adhemerval Zanella
From: Adhemerval Zanella @ 2023-10-04 19:28 UTC (permalink / raw)
To: glibc-cvs
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5abf7fd23ddd7674673c57ef1a3b638dcd25abfa
commit 5abf7fd23ddd7674673c57ef1a3b638dcd25abfa
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Wed Oct 4 16:21:14 2023 -0300
elf: Remove unsecvars
TODO
Diff:
---
elf/dl-support.c | 15 ---------------
elf/rtld.c | 17 +++--------------
sysdeps/generic/unsecvars.h | 26 --------------------------
3 files changed, 3 insertions(+), 55 deletions(-)
diff --git a/elf/dl-support.c b/elf/dl-support.c
index 44a54dea07..7cd0c3dff9 100644
--- a/elf/dl-support.c
+++ b/elf/dl-support.c
@@ -36,7 +36,6 @@
#include <libc-lock.h>
#include <dl-cache.h>
#include <dl-procinfo.h>
-#include <unsecvars.h>
#include <hp-timing.h>
#include <stackinfo.h>
#include <dl-vdso.h>
@@ -306,20 +305,6 @@ _dl_non_dynamic_init (void)
_dl_profile_output
= &"/var/tmp\0/var/profile"[__libc_enable_secure ? 9 : 0];
- if (__libc_enable_secure)
- {
- static const char unsecure_envvars[] =
- UNSECURE_ENVVARS
- ;
- const char *cp = unsecure_envvars;
-
- while (cp < unsecure_envvars + sizeof (unsecure_envvars))
- {
- __unsetenv (cp);
- cp = strchr (cp, '\0') + 1;
- }
- }
-
#ifdef DL_PLATFORM_INIT
DL_PLATFORM_INIT;
#endif
diff --git a/elf/rtld.c b/elf/rtld.c
index 318a3661f0..618d985baf 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -32,7 +32,6 @@
#include <fpu_control.h>
#include <hp-timing.h>
#include <libc-lock.h>
-#include <unsecvars.h>
#include <dl-cache.h>
#include <dl-osinfo.h>
#include <dl-procinfo.h>
@@ -2658,24 +2657,14 @@ process_envvars (struct dl_main_state *state)
}
}
- /* Extra security for SUID binaries. Remove all dangerous environment
- variables. */
+ /* If we have to run the dynamic linker in debugging mode and the
+ LD_DEBUG_OUTPUT environment variable is given, we write the debug
+ messages to this file. */
if (__glibc_unlikely (__libc_enable_secure))
{
- const char *nextp = UNSECURE_ENVVARS;
- do
- {
- unsetenv (nextp);
- nextp = strchr (nextp, '\0') + 1;
- }
- while (*nextp != '\0');
-
if (state->mode != rtld_mode_normal)
_exit (5);
}
- /* If we have to run the dynamic linker in debugging mode and the
- LD_DEBUG_OUTPUT environment variable is given, we write the debug
- messages to this file. */
else if (state->any_debug && debug_output != NULL)
{
const int flags = O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW;
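Review bot: With the `UNSECURE_ENVVARS` loop removed from the `__libc_enable_secure` branch of process_envvars, nothing visible in this commit still unsets LD_PRELOAD, LD_LIBRARY_PATH, GCONV_PATH and the other listed names for a setuid program, so as far as this diff shows they stay in the environment for later getenv callers and for any child process the program executes. The same loop is dropped from _dl_non_dynamic_init in elf/dl-support.c, which covers static binaries. If the filtering is meant to move elsewhere on this branch, the replacement should land in the same commit and the `TODO` message should say where; otherwise keep the loop. Separately, the LD_DEBUG_OUTPUT comment now sits above `if (__glibc_unlikely (__libc_enable_secure))` although it describes the `else if (state->any_debug && debug_output != NULL)` arm; leave it on that arm and keep a short `/* Extra security for SUID binaries.  */` above the secure branch. process_envvars starts and ends outside this hunk.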
diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h
deleted file mode 100644
index 8278c50a84..0000000000
--- a/sysdeps/generic/unsecvars.h
+++ /dev/null
@@ -1,26 +0,0 @@
-/* Environment variable to be removed for SUID programs. The names are
- all stuffed in a single string which means they have to be terminated
- with a '\0' explicitly. */
-#define UNSECURE_ENVVARS \
- "GCONV_PATH\0" \
- "GETCONF_DIR\0" \
- "HOSTALIASES\0" \
- "LD_AUDIT\0" \
- "LD_DEBUG\0" \
- "LD_DEBUG_OUTPUT\0" \
- "LD_DYNAMIC_WEAK\0" \
- "LD_HWCAP_MASK\0" \
- "LD_LIBRARY_PATH\0" \
- "LD_ORIGIN_PATH\0" \
- "LD_PRELOAD\0" \
- "LD_PROFILE\0" \
- "LD_SHOW_AUXV\0" \
- "LOCALDOMAIN\0" \
- "LOCPATH\0" \
- "MALLOC_TRACE\0" \
- "NIS_PATH\0" \
- "NLSPATH\0" \
- "RESOLV_HOST_CONF\0" \
- "RES_OPTIONS\0" \
- "TMPDIR\0" \
- "TZDIR\0"