From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id F16FB3858D28 for ; Mon, 18 Apr 2022 10:00:56 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org F16FB3858D28 Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-583-Z-gK5GsdNhKEoVRgFUyIuQ-1; Mon, 18 Apr 2022 06:00:47 -0400 X-MC-Unique: Z-gK5GsdNhKEoVRgFUyIuQ-1 Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com [10.11.54.10]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 97EC7299E754; Mon, 18 Apr 2022 10:00:47 +0000 (UTC) Received: from oldenburg.str.redhat.com (unknown [10.39.193.61]) by smtp.corp.redhat.com (Postfix) with ESMTPS id C5487464501; Mon, 18 Apr 2022 10:00:46 +0000 (UTC) From: Florian Weimer To: Fangrui Song Cc: libc-alpha@sourceware.org Subject: Re: [PATCH] elf: Remove __libc_enable_secure_decided References: <20220417225240.1656529-1-maskray@google.com> Date: Mon, 18 Apr 2022 12:00:44 +0200 In-Reply-To: <20220417225240.1656529-1-maskray@google.com> (Fangrui Song's message of "Sun, 17 Apr 2022 15:52:40 -0700") Message-ID: <8735iau2wj.fsf@oldenburg.str.redhat.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.85 on 10.11.54.10 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain X-Spam-Status: No, score=-11.7 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Apr 2022 10:01:00 -0000 * Fangrui Song: > No functional change. __libc_enable_secure_decided is always 0 since > 73fc4e28b9464f0e13edc719a5372839970e7ddb. > --- > elf/enbl-secure.c | 7 ++----- > include/unistd.h | 1 - > 2 files changed, 2 insertions(+), 6 deletions(-) > > diff --git a/elf/enbl-secure.c b/elf/enbl-secure.c > index aa2a0bd877..6a0a6d0f0f 100644 > --- a/elf/enbl-secure.c > +++ b/elf/enbl-secure.c > @@ -26,15 +26,12 @@ > #include > #include > > -/* If nonzero __libc_enable_secure is already set. */ > -int __libc_enable_secure_decided; > /* Safest assumption, if somehow the initializer isn't run. */ > int __libc_enable_secure = 1; > > void > __libc_init_secure (void) > { > - if (__libc_enable_secure_decided == 0) > - __libc_enable_secure = (startup_geteuid () != startup_getuid () > - || startup_getegid () != startup_getgid ()); > + __libc_enable_secure = (startup_geteuid () != startup_getuid () > + || startup_getegid () != startup_getgid ()); > } Thanks for catching this in time before a release, this would have turned into a minor security vulnerability. __libc_init_secure should not overwrite __libc_enable_secure on Linux because _dl_aux_init in dl-support.c already initializes it, and the real vs effective check does not always yield the right results (it exits AT_SECURE mode for a pure capabilities-based transition, for example). Hurd already overrides __libc_init_secure with an empty function. I think we should remove it completely. Then we can also simply a bit, I think. Would you be able to write a patch along those lines, or should I work on this? Thanks, Florian