From: Michael Hudson-Doyle
Date: Mon, 9 Oct 2023 08:51:42 +1300
Subject: Re: [PATCH 2/2] aarch64: Make glibc.mem.tagging SXID_ERASE
To: Zack Weinberg
Cc: Szabolcs Nagy, Siddhesh Poyarekar, Adhemerval Zanella, GNU libc development, Florian Weimer, "Carlos O'Donell"

On Fri, 6 Oct 2023 at 07:32, Zack Weinberg wrote:

> I also think we ought to be talking about a very short *whitelist* of environment
> variables that are allowed to survive execve() of a setxid binary -- off the top
> of my head, TERM, LANG, LANGUAGE, LC_*, and maybe *nothing else* -- and putting
> that list into the kernel itself.

That would break at least one application I know about (snapd):
https://bugs.launchpad.net/snapd/+bug/1682308

Cheers,
mwh
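
The allowlist filter described in the quoted proposal, sketched in user space as an added example; it is not part of this message and is not glibc or kernel code. The function names and the sample environment are constructed for illustration, and treating LC_* as "prefix plus at least one character" is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Exact names from the quoted list; LC_* is handled as a prefix below. */
static const char *const exact_names[] = { "TERM", "LANG", "LANGUAGE" };

/* Return 1 if a "NAME=value" entry may survive, 0 otherwise. */
int env_entry_allowed(const char *entry)
{
    const char *eq = entry ? strchr(entry, '=') : NULL;
    if (eq == NULL || eq == entry)
        return 0;                 /* malformed: no '=' or empty name */
    size_t len = (size_t)(eq - entry);

    /* Compare the whole name so TERMINFO or LANGUAGES never match. */
    for (size_t i = 0; i < sizeof exact_names / sizeof exact_names[0]; i++)
        if (strlen(exact_names[i]) == len &&
            memcmp(entry, exact_names[i], len) == 0)
            return 1;

    /* LC_*: the prefix followed by at least one more character. */
    return len > 3 && memcmp(entry, "LC_", 3) == 0;
}

/* Compact envp in place, keeping only allowed entries; returns count kept. */
size_t scrub_env(char **envp)
{
    size_t kept = 0;
    for (size_t i = 0; envp[i] != NULL; i++)
        if (env_entry_allowed(envp[i]))
            envp[kept++] = envp[i];
    envp[kept] = NULL;
    return kept;
}

/* Constructed sample environment, not taken from the thread. */
static char *sample_env[] = {
    "TERM=xterm-256color", "LD_PRELOAD=/tmp/x.so", "LANG=en_NZ.UTF-8",
    "TERMINFO=/tmp/ti", "LC_ALL=C", "TMPDIR=/tmp",
    "GLIBC_TUNABLES=glibc.mem.tagging=1", "NOEQUALS", NULL
};

int main(void)
{
    size_t n = scrub_env(sample_env);
    for (size_t i = 0; i < n; i++)
        puts(sample_env[i]);      /* survivors of the allowlist */
    return 0;
}
```

Every variable outside the four patterns is dropped, which is the kind of compatibility cost the reply raises.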