From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 1791) id 6CFCD3856DC2; Wed, 4 Oct 2023 19:28:59 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 6CFCD3856DC2 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1696447739; bh=GpErKKQhds67+9LQI1vHi8WiKUP26rreEL2bN9cvSgU=; h=From:To:Subject:Date:From; b=pQ+uXgM3Xn3YF5lvJ7rbsJxxlGGzhq2fXTa0DxzudvvPaHZjemIUgcYoUY6KWZWlB KAYStRLiIAZ7WO/ONecR+cb31sOig2OzaqrBfoZAvSy6Gi33Vr3fNp/uOsEED4E2bl mrCaBhTynmDr1dBATOTM7eMxT2u4YAXrKU2Lk404= Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Adhemerval Zanella To: glibc-cvs@sourceware.org Subject: [glibc/azanella/tunables] elf: Remove unsecvars X-Act-Checkin: glibc X-Git-Author: Adhemerval Zanella X-Git-Refname: refs/heads/azanella/tunables X-Git-Oldrev: dde95b6c66dc99c82bccd7db31fad095cd2b31d5 X-Git-Newrev: 5abf7fd23ddd7674673c57ef1a3b638dcd25abfa Message-Id: <20231004192859.6CFCD3856DC2@sourceware.org> Date: Wed, 4 Oct 2023 19:28:59 +0000 (GMT) List-Id: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5abf7fd23ddd7674673c57ef1a3b638dcd25abfa commit 5abf7fd23ddd7674673c57ef1a3b638dcd25abfa Author: Adhemerval Zanella Date: Wed Oct 4 16:21:14 2023 -0300 elf: Remove unsecvars TODO Diff: --- elf/dl-support.c | 15 --------------- elf/rtld.c | 17 +++-------------- sysdeps/generic/unsecvars.h | 26 -------------------------- 3 files changed, 3 insertions(+), 55 deletions(-) diff --git a/elf/dl-support.c b/elf/dl-support.c index 44a54dea07..7cd0c3dff9 100644 --- a/elf/dl-support.c +++ b/elf/dl-support.c @@ -36,7 +36,6 @@ #include #include #include -#include #include #include #include 
@@ -306,20 +305,6 @@ _dl_non_dynamic_init (void) _dl_profile_output = &"/var/tmp\0/var/profile"[__libc_enable_secure ? 9 : 0]; - if (__libc_enable_secure) - { - static const char unsecure_envvars[] = - UNSECURE_ENVVARS - ; - const char *cp = unsecure_envvars; - - while (cp < unsecure_envvars + sizeof (unsecure_envvars)) - { - __unsetenv (cp); - cp = strchr (cp, '\0') + 1; - } - } - #ifdef DL_PLATFORM_INIT DL_PLATFORM_INIT; #endif diff --git a/elf/rtld.c b/elf/rtld.c index 318a3661f0..618d985baf 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -32,7 +32,6 @@ #include #include #include -#include #include #include #include @@ -2658,24 +2657,14 @@ process_envvars (struct dl_main_state *state) } } - /* Extra security for SUID binaries. Remove all dangerous environment - variables. */ + /* If we have to run the dynamic linker in debugging mode and the + LD_DEBUG_OUTPUT environment variable is given, we write the debug + messages to this file. */ if (__glibc_unlikely (__libc_enable_secure)) { - const char *nextp = UNSECURE_ENVVARS; - do - { - unsetenv (nextp); - nextp = strchr (nextp, '\0') + 1; - } - while (*nextp != '\0'); - if (state->mode != rtld_mode_normal) _exit (5); } - /* If we have to run the dynamic linker in debugging mode and the - LD_DEBUG_OUTPUT environment variable is given, we write the debug - messages to this file. */ else if (state->any_debug && debug_output != NULL) { const int flags = O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW; diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h deleted file mode 100644 index 8278c50a84..0000000000 --- a/sysdeps/generic/unsecvars.h +++ /dev/null 
@@ -1,26 +0,0 @@ -/* Environment variable to be removed for SUID programs. The names are - all stuffed in a single string which means they have to be terminated - with a '\0' explicitly. */ -#define UNSECURE_ENVVARS \ - "GCONV_PATH\0" \ - "GETCONF_DIR\0" \ - "HOSTALIASES\0" \ - "LD_AUDIT\0" \ - "LD_DEBUG\0" \ - "LD_DEBUG_OUTPUT\0" \ - "LD_DYNAMIC_WEAK\0" \ - "LD_HWCAP_MASK\0" \ - "LD_LIBRARY_PATH\0" \ - "LD_ORIGIN_PATH\0" \ - "LD_PRELOAD\0" \ - "LD_PROFILE\0" \ - "LD_SHOW_AUXV\0" \ - "LOCALDOMAIN\0" \ - "LOCPATH\0" \ - "MALLOC_TRACE\0" \ - "NIS_PATH\0" \ - "NLSPATH\0" \ - "RESOLV_HOST_CONF\0" \ - "RES_OPTIONS\0" \ - "TMPDIR\0" \ - "TZDIR\0"
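Review bot: In elf/dl-support.c, the `_dl_non_dynamic_init` hunk deletes the `if (__libc_enable_secure)` block that called `__unsetenv` on each name in UNSECURE_ENVVARS, and none of the 3 insertions in this patch replaces it. As posted, a statically linked SUID program would keep LD_PRELOAD, LD_LIBRARY_PATH, GCONV_PATH and the other listed names in its environment and hand them to any child process it starts. Either keep the loop until the replacement filtering lands in the same commit, or say in the commit message which change on this branch takes over the job for the static case.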
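Review bot: In elf/rtld.c, `process_envvars`, the comment about debugging mode and LD_DEBUG_OUTPUT now sits above `if (__glibc_unlikely (__libc_enable_secure))`, but it describes the `else if (state->any_debug && debug_output != NULL)` branch; the secure branch is left doing only `_exit (5)` when `state->mode != rtld_mode_normal`. Leave that comment on the else-if where it was and give the secure branch its own comment stating what it still enforces. The same hunk removes the `unsetenv` loop over UNSECURE_ENVVARS together with the "Extra security for SUID binaries" comment, with no replacement visible in this diff, so the new comment is also the place to say where the unsafe variables are filtered now.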
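Review bot: Deleting sysdeps/generic/unsecvars.h removes the only enumeration in this patch of the names treated as unsafe for SUID programs (22 entries, GCONV_PATH through TZDIR), and the commit message is just "TODO", so nothing records where that list lives afterwards or why it is safe to drop. Please write the commit message to name the mechanism that replaces UNSECURE_ENVVARS and confirm that every entry is still covered by it. The diffstat touches only elf/dl-support.c and elf/rtld.c as includers, so also confirm no other file in the tree still includes this header.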