From: Siddhesh Poyarekar
To: libc-alpha@sourceware.org
Cc: adhemerval.zanella@linaro.org, fweimer@redhat.com, carlos@redhat.com
Subject: [PATCH 0/2] make all tunables SXID_ERASE
Date: Tue, 3 Oct 2023 16:11:49 -0400
Message-ID: <20231003201151.1406279-1-siddhesh@sourceware.org>

The tunable privilege levels were a retrofit to try and keep the malloc tunable envvar behaviour unchanged.
In retrospect, especially in the light of CVE-2023-4911, I wonder if this feature of carrying allocator tuning knobs (and more generally, tunables in general) has much value.

This patchset takes the first step by proposing to make all existing tunables SXID_ERASE. This will have the effect of deactivating tunables parsing in the at_secure context for all current tunables, making it trivial to drop GLIBC_TUNABLES from unsecvars.h in future, hopefully soon.

Further, this paves the way for future cleanups to tunables parsing, where we could simply skip over tunables parsing for __libc_enable_secure instead of the complicated dance we're doing today.

Tested on x86_64.

Siddhesh Poyarekar (2):
  Make all malloc tunables SXID_ERASE
  aarch64: Make glibc.mem.tagging SXID_ERASE

 elf/dl-tunables.list          | 13 +++----------
 elf/tst-env-setuid-tunables.c | 25 ++-----------------------
 elf/tst-env-setuid.c          |  4 ++--
 sysdeps/generic/unsecvars.h   |  7 +++++++
 4 files changed, 14 insertions(+), 35 deletions(-)

-- 
2.41.0
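
An added illustration, not part of the original message and not code from the patchset or from glibc: a simplified model of how the three tunable security levels treat a GLIBC_TUNABLES-style string in a secure (AT_SECURE) process, and what changes once every tunable is SXID_ERASE. The function names, the level assigned to each tunable in the table, and the handling of unknown names are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

enum seclevel { SXID_ERASE, SXID_IGNORE, NONE };  /* per README.tunables */
struct tunable { const char *name; enum seclevel level; };
/* Constructed table: levels are illustrative, not from dl-tunables.list.  */
static const struct tunable table[] = {
  { "glibc.malloc.check", SXID_ERASE },
  { "glibc.malloc.perturb", SXID_IGNORE },
  { "glibc.malloc.tcache_count", NONE },
};

static enum seclevel level_of(const char *name, size_t len) {
  for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
    if (strlen(table[i].name) == len && !memcmp(table[i].name, name, len))
      return table[i].level;
  return SXID_ERASE;  /* model choice: unknown names are erased */
}

/* Filter "name=value:name=value" as a secure process would.  OUT gets what
   a child inherits; returns how many tunables the secure process applies,
   or -1 if OUT is too small.  ALL_ERASE models the patchset's end state.  */
int filter_secure(const char *in, char *out, size_t outsz, int all_erase) {
  int applied = 0;
  size_t used = 0;
  if (outsz == 0) return -1;
  out[0] = '\0';
  while (*in != '\0') {
    size_t item = strcspn(in, ":");   /* whole name=value item */
    size_t name = strcspn(in, "=:");  /* name part only */
    enum seclevel lv = all_erase ? SXID_ERASE : level_of(in, name);
    if (lv == NONE) applied++;        /* honoured even when secure */
    if (lv != SXID_ERASE) {           /* IGNORE and NONE stay in the env */
      if (used + item + 2 > outsz) return -1;
      if (used > 0) out[used++] = ':';
      memcpy(out + used, in, item);
      out[used += item] = '\0';
    }
    in += item + (in[item] == ':');
  }
  return applied;
}

int main(void) {
  char buf[128];  /* the value below is constructed sample input */
  const char *env = "glibc.malloc.check=3:glibc.malloc.perturb=165";
  printf("mixed: applied=%d child=\"%s\"\n", filter_secure(env, buf, sizeof buf, 0), buf);
  printf("erase: applied=%d child=\"%s\"\n", filter_secure(env, buf, sizeof buf, 1), buf);
}
```

With mixed levels the secure process still has to parse the string to decide what to apply and what to pass on; with every tunable at SXID_ERASE nothing is applied and nothing is inherited.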