From: Siddhesh Poyarekar <siddhesh@sourceware.org>
To: libc-alpha@sourceware.org
Subject: [PATCH v2 0/4] tunables and setxid programs
Date: Tue, 16 Mar 2021 12:37:51 +0530 [thread overview]
Message-ID: <20210316070755.330084-1-siddhesh@sourceware.org> (raw)
When parse_tunables tries to erase a tunable marked as SXID_ERASE for
setuid programs, it ends up setting the envvar string iterator
incorrectly, because of which it may parse the next tunable
incorrectly. Given that currently the implementation allows malformed
and unrecognized tunables pass through, it may even allow SXID_ERASE
tunables to go through.
This change revamps the SXID_ERASE implementation so that:
- Only valid tunables are written back to the tunestr string, because
of which children of SXID programs will only inherit a clean list of
identified tunables that are not SXID_ERASE.
- Unrecognized tunables get scrubbed off from the environment and
subsequently from the child environment.
- This has the side-effect that a tunable that is not identified by
the setxid binary, will not be passed on to a non-setxid child even
if the child could have identified that tunable. This may break
applications that expect this behaviour but expecting such tunables
to cross the SXID boundary is wrong.
The setuid test for tunables has been bolstered to test different
combinations of tunable values to ensure that the behaviour is now
consistent.
Siddhesh Poyarekar (4):
support: Add capability to fork an sgid child
tst-env-setuid: Use support_capture_subprogram_self_sgid
Enhance setuid-tunables test
Fix SXID_ERASE behavior in setuid programs (BZ #27471)
elf/Makefile | 2 -
elf/dl-tunables.c | 56 ++++----
elf/tst-env-setuid-tunables.c | 118 +++++++++++++---
elf/tst-env-setuid.c | 197 ++------------------------
stdlib/tst-secure-getenv.c | 199 +++------------------------
support/capture_subprocess.h | 6 +
support/check.h | 12 ++
support/subprocess.h | 5 +
support/support_capture_subprocess.c | 114 +++++++++++++++
support/support_subprocess.c | 13 ++
10 files changed, 304 insertions(+), 418 deletions(-)
--
2.29.2
next reply other threads:[~2021-03-16 7:08 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-16 7:07 Siddhesh Poyarekar [this message]
2021-03-16 7:07 ` [PATCH 1/4] support: Add capability to fork an sgid child Siddhesh Poyarekar
2021-04-06 16:35 ` Carlos O'Donell
2021-04-09 15:25 ` [PATCH v2] " Siddhesh Poyarekar
2021-04-12 3:15 ` Carlos O'Donell
2021-03-16 7:07 ` [PATCH 2/4] tst-env-setuid: Use support_capture_subprogram_self_sgid Siddhesh Poyarekar
2021-04-06 16:39 ` Carlos O'Donell
2021-03-16 7:07 ` [PATCH 3/4] Enhance setuid-tunables test Siddhesh Poyarekar
2021-04-06 16:46 ` Carlos O'Donell
2021-03-16 7:07 ` [PATCH 4/4] Fix SXID_ERASE behavior in setuid programs (BZ #27471) Siddhesh Poyarekar
2021-04-06 19:47 ` Carlos O'Donell
2021-04-08 4:38 ` Siddhesh Poyarekar
2021-04-12 3:25 ` Carlos O'Donell
2021-04-12 3:30 ` Carlos O'Donell
2021-03-22 4:32 ` [PING][PATCH v2 0/4] tunables and setxid programs Siddhesh Poyarekar
-- strict thread matches above, loose matches on Subject: below --
2021-03-16 7:06 [PATCH " Siddhesh Poyarekar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210316070755.330084-1-siddhesh@sourceware.org \
--to=siddhesh@sourceware.org \
--cc=libc-alpha@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).