From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <32fBeYgcKClA4sA29sGy66y3w.u6430tu-s37zsA6C9uwEs9w.69y@flex--maskray.bounces.google.com>
Received: from mail-yw1-x1149.google.com (mail-yw1-x1149.google.com
 [IPv6:2607:f8b0:4864:20::1149])
 by sourceware.org (Postfix) with ESMTPS id 0E3503858025
 for <libc-alpha@sourceware.org>; Tue, 19 Apr 2022 17:26:50 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 0E3503858025
Received: by mail-yw1-x1149.google.com with SMTP id
 00721157ae682-2ec1914e315so152435487b3.23
 for <libc-alpha@sourceware.org>; Tue, 19 Apr 2022 10:26:50 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc;
 bh=O/+bbZ3szdho0XIKgdErMu/hqK3ZWFSzgBjEyP0ce6E=;
 b=3exP887hKT8aKMj/kPK0Y/vtnrHJCOqXMVsMcoet78kwnEx4RAEugGBnetTR8DW9PF
 8D52i8LV9mRq+VYUdPOkcfcHLCppbxP+gfEAV9S/o9LeN5FFQqv9bbiE83C+qeNUgB3w
 9NuxwEEJOekV4igOvFI8ibCXTPOUkNQu3T3U9geZzbUe/irILsHshou8LJhZFbfOsgBH
 waliVJypRgaiUuIqSf9qhs65CpDrdRO0BkdGdwCrWTd/WUwUssAc1tgscEIIRxamoF9k
 YBZhXQ3G9qHUfQ7swYmL1t9KvidOaOfUgoQtyNMBVQvn3jjvTvIKCPSOzhOJclYC7e4F
 t/qA==
X-Gm-Message-State: AOAM532odx8p7GWfbIKJfdTE1OmbPpk4uujANe2tl9OVi22brKfBrtvd
 z6mX2QVzuwA+TIZgNaCk3yxcQ92TXBWZeXmeoOeylBBVJ03TMgyTrIEB+z7E6NZ7adbvxxCtnD8
 2h7JGoC1XxkeylPnccBFygodGsNQCes6haBn+mFdV/07iwnlgQT/rudUxON1YNhM0dHxp
X-Google-Smtp-Source: ABdhPJzrNflRDuc8h76p4mjrne6ohBR2s2embC8itqHQ+KpTsuQ7cn4nG2YG9rOjw3r63WtDU2BLv40rjXBo
X-Received: from maskray1.svl.corp.google.com
 ([2620:15c:2ce:200:f2c5:60f5:e38f:e90b])
 (user=maskray job=sendgmr) by 2002:a5b:984:0:b0:63f:8c38:676c with SMTP id
 c4-20020a5b0984000000b0063f8c38676cmr16415662ybq.393.1650389209419; Tue, 19
 Apr 2022 10:26:49 -0700 (PDT)
Date: Tue, 19 Apr 2022 10:26:45 -0700
Message-Id: <20220419172645.3621706-1-maskray@google.com>
Mime-Version: 1.0
Subject: [PATCH v2] elf: Remove __libc_init_secure
From: Fangrui Song <maskray@google.com>
To: libc-alpha@sourceware.org, Florian Weimer <fweimer@redhat.com>, 
 "H . J . Lu" <hjl.tools@gmail.com>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-19.7 required=5.0 tests=BAYES_00, DKIMWL_WL_MED,
 DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT,
 RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE,
 USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Apr 2022 17:26:52 -0000

After 73fc4e28b9464f0e13edc719a5372839970e7ddb,
__libc_enable_secure_decided is always 0 and a statically linked
executable may overwrite __libc_enable_secure without considering
AT_SECURE.

The __libc_enable_secure has been correctly initialized in _dl_aux_init,
so just remove __libc_enable_secure_decided and __libc_init_secure.
This allows us to remove some linux/i386 functions from
22b79ed7f413cd980a7af0cf258da5bf82b6d5e5.

--
Changes from v1:
* remove definition from sysdeps/mach/hurd/i386/init-first.c
* remove startup_get*id from sysdeps/generic/startup.h
---
 csu/libc-start.c                       |  3 ---
 elf/enbl-secure.c                      | 10 ---------
 include/libc-internal.h                |  3 ---
 include/unistd.h                       |  1 -
 sysdeps/generic/startup.h              | 24 ---------------------
 sysdeps/mach/hurd/enbl-secure.c        | 30 --------------------------
 sysdeps/mach/hurd/i386/init-first.c    |  4 ----
 sysdeps/unix/sysv/linux/i386/startup.h | 24 ---------------------
 8 files changed, 99 deletions(-)
 delete mode 100644 sysdeps/mach/hurd/enbl-secure.c

diff --git a/csu/libc-start.c b/csu/libc-start.c
index e91f996426..b34bb6dbbc 100644
--- a/csu/libc-start.c
+++ b/csu/libc-start.c
@@ -285,9 +285,6 @@ LIBC_START_MAIN (int (*main) (int, char **, char ** MAIN_AUXVEC_DECL),
         }
     }
 
-  /* Initialize very early so that tunables can use it.  */
-  __libc_init_secure ();
-
   __tunables_init (__environ);
 
   ARCH_INIT_CPU_FEATURES ();
diff --git a/elf/enbl-secure.c b/elf/enbl-secure.c
index aa2a0bd877..4e4d66822b 100644
--- a/elf/enbl-secure.c
+++ b/elf/enbl-secure.c
@@ -26,15 +26,5 @@
 #include <startup.h>
 #include <libc-internal.h>
 
-/* If nonzero __libc_enable_secure is already set.  */
-int __libc_enable_secure_decided;
 /* Safest assumption, if somehow the initializer isn't run.  */
 int __libc_enable_secure = 1;
-
-void
-__libc_init_secure (void)
-{
-  if (__libc_enable_secure_decided == 0)
-    __libc_enable_secure = (startup_geteuid () != startup_getuid ()
-			    || startup_getegid () != startup_getgid ());
-}
diff --git a/include/libc-internal.h b/include/libc-internal.h
index 15920d2bde..c052bccb27 100644
--- a/include/libc-internal.h
+++ b/include/libc-internal.h
@@ -21,9 +21,6 @@
 
 #include <hp-timing.h>
 
-/* Initialize the `__libc_enable_secure' flag.  */
-extern void __libc_init_secure (void);
-
 /* Discover the tick frequency of the machine if something goes wrong,
    we return 0, an impossible hertz.  */
 extern int __profile_frequency (void);
diff --git a/include/unistd.h b/include/unistd.h
index 7090169601..af795a37c8 100644
--- a/include/unistd.h
+++ b/include/unistd.h
@@ -192,7 +192,6 @@ libc_hidden_proto (__tcsetpgrp)
    and some functions contained in the C library ignore various
    environment variables that normally affect them.  */
 extern int __libc_enable_secure attribute_relro;
-extern int __libc_enable_secure_decided;
 rtld_hidden_proto (__libc_enable_secure)
 
 
diff --git a/sysdeps/generic/startup.h b/sysdeps/generic/startup.h
index 99509404eb..45979ab231 100644
--- a/sysdeps/generic/startup.h
+++ b/sysdeps/generic/startup.h
@@ -23,27 +23,3 @@
 
 /* Use macro instead of inline function to avoid including <stdio.h>.  */
 #define _startup_fatal(message) __libc_fatal ((message))
-
-static inline uid_t
-startup_getuid (void)
-{
-  return __getuid ();
-}
-
-static inline uid_t
-startup_geteuid (void)
-{
-  return __geteuid ();
-}
-
-static inline gid_t
-startup_getgid (void)
-{
-  return __getgid ();
-}
-
-static inline gid_t
-startup_getegid (void)
-{
-  return __getegid ();
-}
diff --git a/sysdeps/mach/hurd/enbl-secure.c b/sysdeps/mach/hurd/enbl-secure.c
deleted file mode 100644
index 8c02789ecf..0000000000
--- a/sysdeps/mach/hurd/enbl-secure.c
+++ /dev/null
@@ -1,30 +0,0 @@
-/* Define and initialize the `__libc_enable_secure' flag.  Hurd version.
-   Copyright (C) 1998-2022 Free Software Foundation, Inc.
-   This file is part of the GNU C Library.
-
-   The GNU C Library is free software; you can redistribute it and/or
-   modify it under the terms of the GNU Lesser General Public
-   License as published by the Free Software Foundation; either
-   version 2.1 of the License, or (at your option) any later version.
-
-   The GNU C Library is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   Lesser General Public License for more details.
-
-   You should have received a copy of the GNU Lesser General Public
-   License along with the GNU C Library; if not, see
-   <https://www.gnu.org/licenses/>.  */
-
-/* There is no need for this file in the Hurd; it is just a placeholder
-   to prevent inclusion of the sysdeps/generic version.
-   In the shared library, the `__libc_enable_secure' variable is defined
-   by the dynamic linker in dl-sysdep.c and set there.
-   In the static library, it is defined in init-first.c and set there.  */
-
-#include <libc-internal.h>
-
-void
-__libc_init_secure (void)
-{
-}
diff --git a/sysdeps/mach/hurd/i386/init-first.c b/sysdeps/mach/hurd/i386/init-first.c
index 1229b59114..534a796e0d 100644
--- a/sysdeps/mach/hurd/i386/init-first.c
+++ b/sysdeps/mach/hurd/i386/init-first.c
@@ -38,10 +38,6 @@ extern void __init_misc (int, char **, char **);
 unsigned long int __hurd_threadvar_stack_offset;
 unsigned long int __hurd_threadvar_stack_mask;
 
-#ifndef SHARED
-int __libc_enable_secure;
-#endif
-
 extern int __libc_argc attribute_hidden;
 extern char **__libc_argv attribute_hidden;
 extern char **_dl_argv;
diff --git a/sysdeps/unix/sysv/linux/i386/startup.h b/sysdeps/unix/sysv/linux/i386/startup.h
index aab8e26ca7..67c9310f3a 100644
--- a/sysdeps/unix/sysv/linux/i386/startup.h
+++ b/sysdeps/unix/sysv/linux/i386/startup.h
@@ -32,30 +32,6 @@ _startup_fatal (const char *message __attribute__ ((unused)))
   ABORT_INSTRUCTION;
   __builtin_unreachable ();
 }
-
-static inline uid_t
-startup_getuid (void)
-{
-  return (uid_t) INTERNAL_SYSCALL_CALL (getuid32);
-}
-
-static inline uid_t
-startup_geteuid (void)
-{
-  return (uid_t) INTERNAL_SYSCALL_CALL (geteuid32);
-}
-
-static inline gid_t
-startup_getgid (void)
-{
-  return (gid_t) INTERNAL_SYSCALL_CALL (getgid32);
-}
-
-static inline gid_t
-startup_getegid (void)
-{
-  return (gid_t) INTERNAL_SYSCALL_CALL (getegid32);
-}
 #else
 # include_next <startup.h>
 #endif
-- 
2.36.0.rc0.470.gd361397f0d-goog