From: Siddhesh Poyarekar <siddhesh@sourceware.org>
To: Adhemerval Zanella <adhemerval.zanella@linaro.org>,
libc-alpha@sourceware.org
Subject: Re: [PATCH v3 16/19] elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static
Date: Mon, 20 Nov 2023 17:59:53 -0500
Message-ID: <8604ba2e-9cc6-4adf-8b2b-6a5aa4ebde7a@sourceware.org>
In-Reply-To: <20231106202552.3404059-17-adhemerval.zanella@linaro.org>
On 2023-11-06 15:25, Adhemerval Zanella wrote:
> It mimics the ld.so behavior.
>
> Checked on x86_64-linux-gnu.
> ---
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
> elf/dl-support.c | 32 ++++++++++++++++----------------
> 1 file changed, 16 insertions(+), 16 deletions(-)
>
> diff --git a/elf/dl-support.c b/elf/dl-support.c
> index 31a608df87..837fa1c836 100644
> --- a/elf/dl-support.c
> +++ b/elf/dl-support.c
> @@ -272,8 +272,6 @@ _dl_non_dynamic_init (void)
> _dl_main_map.l_phdr = GL(dl_phdr);
> _dl_main_map.l_phnum = GL(dl_phnum);
>
> - _dl_verbose = *(getenv ("LD_WARN") ?: "") == '\0' ? 0 : 1;
> -
> /* Set up the data structures for the system-supplied DSO early,
> so they can influence _dl_init_paths. */
> setup_vdso (NULL, NULL);
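
Review bot: With the LD_WARN read taken out of this spot, _dl_verbose has not yet been assigned from the environment when setup_vdso (NULL, NULL) runs. Please confirm nothing on that path consults _dl_verbose, or note in the commit message that the later assignment is intentional.
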
> @@ -281,6 +279,22 @@ _dl_non_dynamic_init (void)
> /* With vDSO setup we can initialize the function pointers. */
> setup_vdso_pointers ();
>
> + if (__libc_enable_secure)
> + {
> + static const char unsecure_envvars[] =
> + UNSECURE_ENVVARS
> + ;
> + const char *cp = unsecure_envvars;
> +
> + while (cp < unsecure_envvars + sizeof (unsecure_envvars))
> + {
> + __unsetenv (cp);
> + cp = strchr (cp, '\0') + 1;
> + }
> + }
> +
> + _dl_verbose = *(getenv ("LD_WARN") ?: "") == '\0' ? 0 : 1;
> +
> /* Initialize the data structures for the search paths for shared
> objects. */
> _dl_init_paths (getenv ("LD_LIBRARY_PATH"), "LD_LIBRARY_PATH",
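
Review bot: The loop bound cp < unsecure_envvars + sizeof (unsecure_envvars) counts the string literal's implicit terminating NUL, so if each name in UNSECURE_ENVVARS carries its own \0 (as the strchr (cp, '\0') + 1 stepping implies), the final iteration calls __unsetenv on an empty string. The removed copy of the block has the same bound, so this is not new, but since the block is being moved, consider sizeof (unsecure_envvars) - 1 or stopping at the first empty name. A short comment above the block stating that it must stay ahead of every getenv call in _dl_non_dynamic_init would also keep a later getenv from being added above it.
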
> @@ -297,20 +311,6 @@ _dl_non_dynamic_init (void)
>
> _dl_dynamic_weak = *(getenv ("LD_DYNAMIC_WEAK") ?: "") == '\0';
>
> - if (__libc_enable_secure)
> - {
> - static const char unsecure_envvars[] =
> - UNSECURE_ENVVARS
> - ;
> - const char *cp = unsecure_envvars;
> -
> - while (cp < unsecure_envvars + sizeof (unsecure_envvars))
> - {
> - __unsetenv (cp);
> - cp = strchr (cp, '\0') + 1;
> - }
> - }
> -
> #ifdef DL_PLATFORM_INIT
> DL_PLATFORM_INIT;
> #endif
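
Review bot: Moving the scrub up from here also reorders it against the getenv ("LD_DYNAMIC_WEAK") read just above, which used to run before the scrub and now runs after it, while the subject and the one-line commit message mention only LD_LIBRARY_PATH and the debug variables. Please list in the commit message every variable read between the new and old positions. Since the diffstat shows only elf/dl-support.c changing, consider adding a test that a static binary with __libc_enable_secure set ignores them.
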