[glibc] elf: Ignore loader debug env vars for setuid

public inbox for glibc-cvs@sourceware.org
help / color / mirror / Atom feed

* [glibc] elf: Ignore loader debug env vars for setuid
@ 2023-12-05 20:34 Adhemerval Zanella
  0 siblings, 0 replies; only message in thread
From: Adhemerval Zanella @ 2023-12-05 20:34 UTC (permalink / raw)
  To: glibc-cvs

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=876a12e51323b4c0f7b6f32ec76f4a5280b7f0b9

commit 876a12e51323b4c0f7b6f32ec76f4a5280b7f0b9
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date:   Wed Nov 22 17:43:23 2023 -0300

    elf: Ignore loader debug env vars for setuid
    
    Loader already ignores LD_DEBUG, LD_DEBUG_OUTPUT, and
    LD_TRACE_LOADED_OBJECTS. Both LD_WARN and LD_VERBOSE are similar to
    LD_DEBUG, in the sense they enable additional checks and debug
    information, so it makes sense to disable them.
    
    Also add both LD_VERBOSE and LD_WARN on filtered environment variables
    for setuid binaries.
    
    Checked on x86_64-linux-gnu.
    Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

Diff:
---
 elf/rtld.c                  | 22 ++++++++++++++--------
 elf/tst-env-setuid.c        |  4 ++++
 sysdeps/generic/unsecvars.h |  2 ++
 3 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/elf/rtld.c b/elf/rtld.c
index 19bedcd4a6..55cdb4836e 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -2556,13 +2556,15 @@ process_envvars (struct dl_main_state *state)
 	{
 	case 4:
 	  /* Warning level, verbose or not.  */
-	  if (memcmp (envline, "WARN", 4) == 0)
+	  if (!__libc_enable_secure
+	      && memcmp (envline, "WARN", 4) == 0)
 	    GLRO(dl_verbose) = envline[5] != '\0';
 	  break;
 
 	case 5:
 	  /* Debugging of the dynamic linker?  */
-	  if (memcmp (envline, "DEBUG", 5) == 0)
+	  if (!__libc_enable_secure
+	      && memcmp (envline, "DEBUG", 5) == 0)
 	    {
 	      process_dl_debug (state, &envline[6]);
 	      break;
@@ -2577,7 +2579,8 @@ process_envvars (struct dl_main_state *state)
 
 	case 7:
 	  /* Print information about versions.  */
-	  if (memcmp (envline, "VERBOSE", 7) == 0)
+	  if (!__libc_enable_secure
+	      && memcmp (envline, "VERBOSE", 7) == 0)
 	    {
 	      state->version_info = envline[8] != '\0';
 	      break;
@@ -2636,7 +2639,8 @@ process_envvars (struct dl_main_state *state)
 	    }
 
 	  /* Where to place the profiling data file.  */
-	  if (memcmp (envline, "DEBUG_OUTPUT", 12) == 0)
+	  if (!__libc_enable_secure
+	      && memcmp (envline, "DEBUG_OUTPUT", 12) == 0)
 	    {
 	      debug_output = &envline[13];
 	      break;
@@ -2657,7 +2661,8 @@ process_envvars (struct dl_main_state *state)
 
 	case 20:
 	  /* The mode of the dynamic linker can be set.  */
-	  if (memcmp (envline, "TRACE_LOADED_OBJECTS", 20) == 0)
+	  if (!__libc_enable_secure
+	      && memcmp (envline, "TRACE_LOADED_OBJECTS", 20) == 0)
 	    {
 	      state->mode = rtld_mode_trace;
 	      state->mode_trace_program
@@ -2679,9 +2684,10 @@ process_envvars (struct dl_main_state *state)
 	}
       while (*nextp != '\0');
 
-      GLRO(dl_debug_mask) = 0;
-
-      if (state->mode != rtld_mode_normal)
+      if (GLRO(dl_debug_mask) != 0
+	  || GLRO(dl_verbose) != 0
+	  || state->mode != rtld_mode_normal
+	  || state->version_info)
 	_exit (5);
     }
   /* If we have to run the dynamic linker in debugging mode and the
diff --git a/elf/tst-env-setuid.c b/elf/tst-env-setuid.c
index 76b8e1fb45..b1d64ac085 100644
--- a/elf/tst-env-setuid.c
+++ b/elf/tst-env-setuid.c
@@ -59,6 +59,10 @@ static const struct envvar_t filtered_envvars[] =
   { "MALLOC_TRACE",            FILTERED_VALUE },
   { "MALLOC_TRIM_THRESHOLD_",  FILTERED_VALUE },
   { "RES_OPTIONS",             FILTERED_VALUE },
+  { "LD_DEBUG",                "all" },
+  { "LD_DEBUG_OUTPUT",         "/tmp/some-file" },
+  { "LD_WARN",                 FILTERED_VALUE },
+  { "LD_VERBOSE",              FILTERED_VALUE },
 };
 
 static const struct envvar_t unfiltered_envvars[] =
diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h
index f7ebed60e5..8975df4a14 100644
--- a/sysdeps/generic/unsecvars.h
+++ b/sysdeps/generic/unsecvars.h
@@ -16,6 +16,8 @@
   "LD_PRELOAD\0"							      \
   "LD_PROFILE\0"							      \
   "LD_SHOW_AUXV\0"							      \
+  "LD_VERBOSE\0"							      \
+  "LD_WARN\0"								      \
   "LOCALDOMAIN\0"							      \
   "LOCPATH\0"								      \
   "MALLOC_ARENA_MAX\0"							      \

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2023-12-05 20:34 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-12-05 20:34 [glibc] elf: Ignore loader debug env vars for setuid Adhemerval Zanella

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).