From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id BC65E3858C5F for ; Fri, 1 Mar 2024 17:46:40 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org BC65E3858C5F Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org BC65E3858C5F Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1709315203; cv=none; b=E1KwxupXgJF5xABOXjXkgskqi8Ek3UZM3gTMHP8wSapgL3YAKLqT7LzSASzBxuTzv53dfuKrXcqOUd+cBvxs05NfX4GU8QgJ+SOkG500faYhLVYi8Ih+uHcz06OrwP5F5sLTyPDHWmhJSTuwvcCAEajRKCIy8UB7vONSshw44/8= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1709315203; c=relaxed/simple; bh=NX/7246Q7BxZCjhMXUryzdQoZDRYp/mYaUZw3jquUPg=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=u082ooYvbSuZf0d+vEwQJnPGnoGVd/hvgJIPCrYpuFiGVjFJR1+hV1xkYdsrQ8ExZbvNR0q2QwZ2FGqZTI9f4UEe43Pqrt2pq2JCpfB0MpfhreCv9INDvXliDdm5kv5obXg3UUtiZCIxSdjGVMGVUeju22blw+wXNvP0UPX2Rwg= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1709315200; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=xDN8l9PJer1QIdzzGSEIHJjuGK3cAR4QlKXo376f4YU=; b=EWQrAG8JNqs7/2p7c9HmE5kgbQ5zC16P0K6nYxWxiBCRKyxHlnIwr0OeyZN8C67b1cJrDx Z0cY/t1tuovhHNW/moac9mzMgbeCaPMNM3ok3wbxfda8FRnjlVK4kUA0MxHNljQ6Wh9Zd0 a2M0m8RN6rs5WAYbp9PemEYppXd5o28= Received: from mail-qv1-f70.google.com (mail-qv1-f70.google.com [209.85.219.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-283-FUTfzWBGMvWSmNvX0_Ti9g-1; Fri, 01 Mar 2024 12:46:39 -0500 X-MC-Unique: FUTfzWBGMvWSmNvX0_Ti9g-1 Received: by mail-qv1-f70.google.com with SMTP id 6a1803df08f44-68ffc21d398so30100206d6.1 for ; Fri, 01 Mar 2024 09:46:37 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709315196; x=1709919996; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=xDN8l9PJer1QIdzzGSEIHJjuGK3cAR4QlKXo376f4YU=; b=DxHj0eLhqxmX9tTmSQwF0cOA7hUsQAz/mQTBTAUcuC2wNRvftOXqfUYrU0cfkdIIZu wgIixSD061+3+olZrO6Aq1/PA8n7tUosGjsBh4o2TA3FdB+Up+x84uNX0GFJSeYpclNj TtTLSteOuSMtax3WfnaciE3e7TwmG+UvY6bHF5NDNFzxaZsINfKggE5HeCJjNlz+TSAj H7beQl6Nr2voN4JOXukhm2TvQNTYcMAbCWk+PefF/0qaY8SXfqTm06fES4sRKYJ0RO4p 3FS5o62da017WQN3kR0TvQLFjshp8RjChhVev2XWiBhjEY9x6duSzQfyHtGWa5oyJZ22 tQ5A== X-Gm-Message-State: AOJu0Yw84EkwqxBxjIkUdzCYI0+C1nJEAoUoAFoR1uZw0RUTc+np+zzm /jgrGKTl6AmdZFMnWQZWfXjXQrYS5F61R7bskyghCmSGK6+KKISePDiCqd0WTAaRn5XpqqtBT7z AfC3i18yVHjC/VN21ThOoQylNsI8PGUkUippSxu89xC12ncmL/5kTv8+lexhBcmAt4MPILG+nuO XTxtlR2rQ2dSWMcrO2s2g1JN0q/SwZ+wY9X3pXTi7x8g== X-Received: by 2002:a0c:ef81:0:b0:68f:6e1a:14fe with SMTP id w1-20020a0cef81000000b0068f6e1a14femr2097736qvr.61.1709315196793; Fri, 01 Mar 2024 09:46:36 -0800 (PST) X-Google-Smtp-Source: AGHT+IGCjE5C18dewVGDqofvL7huUmLkryxPBuimkq10P0quaGct/4+Ods14ozyKjHmHUg8ySf/7Nw== X-Received: by 2002:a0c:ef81:0:b0:68f:6e1a:14fe with SMTP id w1-20020a0cef81000000b0068f6e1a14femr2097721qvr.61.1709315196521; Fri, 01 Mar 2024 09:46:36 -0800 (PST) Received: from oak.redhat.com (c-71-206-142-238.hsd1.va.comcast.net. [71.206.142.238]) by smtp.gmail.com with ESMTPSA id lz4-20020a0562145c4400b00686ac3c9db4sm2082435qvb.98.2024.03.01.09.46.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 01 Mar 2024 09:46:36 -0800 (PST) From: Joe Simmons-Talbott To: libc-alpha@sourceware.org Cc: Joe Talbott Subject: [PATCH] manual/tunables - Add entry for enable_secure tunable. Date: Fri, 1 Mar 2024 12:46:24 -0500 Message-ID: <20240301174629.2012625-1-josimmon@redhat.com> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII"; x-default=true X-Spam-Status: No, score=-12.7 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,GIT_PATCH_0,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: From: Joe Talbott --- manual/tunables.texi | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/manual/tunables.texi b/manual/tunables.texi index be97190d67..4a7d04dc0d 100644 --- a/manual/tunables.texi +++ b/manual/tunables.texi @@ -345,6 +345,16 @@ performance issues of @samp{1}. The default value of this tunable is @samp{2}. @end deftp +@deftp Tunable glibc.rtld.enable_secure +Used to run a program as if it were a setuid process. The only valid value +is @samp{1} as this tunable can only be used to set and not unset +@code{enable_secure}. Setting this tunable to @samp{1} also disables all other +tunables. This tunable is intended to facilitate more extensive verification +tests for @code{AT_SECURE} programs and not meant to be a security feature. + +The default value of this tunable is @samp{0}. +@end deftp + @node Elision Tunables @section Elision Tunables @cindex elision tunables -- 2.43.2