From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-he1eur04on2070.outbound.protection.outlook.com [40.107.7.70]) by sourceware.org (Postfix) with ESMTPS id 0BB45385CC92; Thu, 5 Oct 2023 14:00:17 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 0BB45385CC92 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=rAy75o+ttkhubVCsjujEWX7jy2huVLj69m30+AHKTL8=; b=dv+mljD+kps+gWjXT5Xmk95uof/0QuNz8OyrQofX32kdbo8FhhZYwLsAPIUAcibw63kn8gSzI1dfCcRtwWp2FOJ8Y4B+SZP2k6CbPiD+r4YuRNvLmwx2VSoLd87N/qfijXJLZ6henKbSX5v3w/sJvf316JIo3PM3CzgprAXlZHs= Received: from DU2PR04CA0073.eurprd04.prod.outlook.com (2603:10a6:10:232::18) by VI1PR08MB5520.eurprd08.prod.outlook.com (2603:10a6:803:135::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6838.29; Thu, 5 Oct 2023 14:00:11 +0000 Received: from DBAEUR03FT013.eop-EUR03.prod.protection.outlook.com (2603:10a6:10:232:cafe::ad) by DU2PR04CA0073.outlook.office365.com (2603:10a6:10:232::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6838.33 via Frontend Transport; Thu, 5 Oct 2023 14:00:11 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; pr=C Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by DBAEUR03FT013.mail.protection.outlook.com (100.127.142.222) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6863.28 via Frontend Transport; Thu, 5 Oct 2023 14:00:11 +0000 Received: ("Tessian outbound fdf44c93bd44:v211"); Thu, 05 Oct 2023 14:00:11 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: 0d19c469073403a1 X-CR-MTA-TID: 64aa7808 Received: from 658a062bcf20.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 9BB1C9F6-8D8B-4B18-AAB9-376AD11FA885.1; Thu, 05 Oct 2023 14:00:02 +0000 Received: from EUR04-HE1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 658a062bcf20.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Thu, 05 Oct 2023 14:00:02 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Yn9LuKMQtL35p2RW6vG+nHthPIiJR29l0FIYe799XU9WdSlbIzWFKYKEdXpY2UieqHQmCQx2U/+4IbBpetgXSI9ZvTAH+eT8n+aeyrA7rQNIz4Q2L3zwDzdUJnsKA6uZ0Yy/DmGFhNpDFOUGWSIHI5YIgnrOiF/F7GLNAKHbRBd0hUum8UUFCTMV9caWKigqHzP7iau75ik9bXtLpPYjWbjISWOdqWkeTiXE6FhzmwEuBrPTpE451U27p3NQdu4fu8ea06O75fd0oWfAGIB6tfrsD6/JIUZCK5kSSGwOBSTzESq/NkS3cdC/RBAfcQ5fKqaKYfH61yRTxdlMS1DoCg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=rAy75o+ttkhubVCsjujEWX7jy2huVLj69m30+AHKTL8=; b=Zn5tbaboVy+qrQcxDVp0kPoi6zRdUne3lt3fn+1haNA2HkuZ1+/x3mxxYg148PyChTOWp+w4Q4QRi9g2LSVOLeoeU0g+TdxmGo+wm2SctmHjXqxiKgYhZDa60c6QwsAu64rVWfPLrF3C5v4ktPC5bPUELuxMqXkC4z/eJOFK+DPnJ90aposQGxm5pGDtGabCllO6zoOg5jHTUqYvy9QKqIqnAR9pojfOLf+K5LO4Kw1p5SPJ9h4dfsg7PfpIdns+GGSbjo1FxkoWLVgfxNJYIeuuaYob6wTJCYpAwEhtAnsSYFcy0IZ/0pDVIj7TTV7le5t9SVgrADBtZvd+lfA3uw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=rAy75o+ttkhubVCsjujEWX7jy2huVLj69m30+AHKTL8=; b=dv+mljD+kps+gWjXT5Xmk95uof/0QuNz8OyrQofX32kdbo8FhhZYwLsAPIUAcibw63kn8gSzI1dfCcRtwWp2FOJ8Y4B+SZP2k6CbPiD+r4YuRNvLmwx2VSoLd87N/qfijXJLZ6henKbSX5v3w/sJvf316JIo3PM3CzgprAXlZHs= Authentication-Results-Original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com; Received: from DB9PR08MB7179.eurprd08.prod.outlook.com (2603:10a6:10:2cc::19) by PAVPR08MB9062.eurprd08.prod.outlook.com (2603:10a6:102:32d::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6838.31; Thu, 5 Oct 2023 14:00:00 +0000 Received: from DB9PR08MB7179.eurprd08.prod.outlook.com ([fe80::e62:8b0f:9b88:39a1]) by DB9PR08MB7179.eurprd08.prod.outlook.com ([fe80::e62:8b0f:9b88:39a1%4]) with mapi id 15.20.6838.033; Thu, 5 Oct 2023 14:00:00 +0000 Date: Thu, 5 Oct 2023 14:59:41 +0100 From: Szabolcs Nagy To: Siddhesh Poyarekar , Adhemerval Zanella Netto , libc-alpha@sourceware.org Cc: fweimer@redhat.com, carlos@redhat.com Subject: Re: [PATCH 2/2] aarch64: Make glibc.mem.tagging SXID_ERASE Message-ID: References: Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: X-ClientProxiedBy: DM6PR11CA0026.namprd11.prod.outlook.com (2603:10b6:5:190::39) To DB9PR08MB7179.eurprd08.prod.outlook.com (2603:10a6:10:2cc::19) MIME-Version: 1.0 X-MS-TrafficTypeDiagnostic: DB9PR08MB7179:EE_|PAVPR08MB9062:EE_|DBAEUR03FT013:EE_|VI1PR08MB5520:EE_ X-MS-Office365-Filtering-Correlation-Id: 1b42314d-c161-446d-f507-08dbc5ab646f x-checkrecipientrouted: true NoDisclaimer: true X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: HXP3n3vv8wplhZDMVt764Viq8pXn4+npUr6iYKPAkruszMuvirvG7+Ux8+MZsvZx3Y/Z5XVEJqIutcxZ8JKCE5kNWaEAY+Tm/oNP19wYBlOtGT8FLs8B93jfhTr0wzF3iuq1Bf/o1vlPli4kYAj9gvZucENwsRDrK0lqMplDYVuVT+aiUt/ofo+c+mm0s9r9ND30bitFTlUr8AU8wKMm3pTtGRRzG5ZdnT4JB2nHGwI2obeTWxXhmZ/3+wKURbtyMU2q6DvupumW+ZFWDUi5nB6p6iB4tV2H6+/Ku+oKcgt0bXiu0Pg6SuFGM77CUeZSnyGlQH4phCGA9uPAoXKhwbnZ752+rmp1vZryQRJS47CdhpNY/npJnApyjx31d0IE0iznOpMRvtGh5+Ou+S/hLYuFnYqnNOB4ikWAzCqvHX4gA/wgGcJ0/5nL2AoUFKP8ayIju+ls0fo0KPEK33YTin7smtkgrY7qohgJeaa/nLOC/4Ft/HC88vrdQ0q269Ap3WPzNNthwyHGEtExX9UH4/lfA5iLoxT5lUSv474KvO+Tr5wf7lMkV/Ni3ZpWkDBKI+e3Iwsgnir13k//2Vkf166OcGwduTFegnhfW6F02AQ= X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DB9PR08MB7179.eurprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(396003)(39860400002)(376002)(136003)(346002)(366004)(230922051799003)(1800799009)(186009)(451199024)(64100799003)(66946007)(66556008)(38100700002)(478600001)(2616005)(26005)(53546011)(86362001)(6666004)(6486002)(6506007)(6512007)(316002)(2906002)(5660300002)(41300700001)(36756003)(66476007)(110136005)(4326008)(8936002)(8676002)(44832011);DIR:OUT;SFP:1101; X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAVPR08MB9062 Original-Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com; X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: DBAEUR03FT013.eop-EUR03.prod.protection.outlook.com X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id-Prvs: 439dfc9d-0edd-4266-66cb-08dbc5ab5d63 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 59XjghJnO5u+2PjL9bj06r37/m2JZO9YAADcsefo2K5V0K8+wXZXY9Ryjek/SQ0WmorCn5b8WwGUSWxB7ut7n/SGJxlhWH4yHMlLbsq3n7RyGLVSPTd1KohOjNP7cS1C3VZGyAkGKRh7n75ydZ3whJhqBA7aWZ2Rr2WsMUtp2XlCj6bXPFM9UfUVHMl20/S3Rpv1lftbEGVHmwwQhNmdtLb1kMAudhiw9rKutnr1JyDxSHUIModFrpGpJTneLJAbmGSJeCkbMXNL+14CUwxbFc2jSmP76Lgui9HqUeD+zTjH0xzrZSAAkInVG1sFijmVMwKPvYunwfLYvd+oSGRu3i2FO7dyJO8FazI3RYuZGWoLXLsLUpH1CX54fm9A18Mlz/68ymCB1PwQN7vAR7ddD5xh43Py632Wt+pu5shqSDOu48B7u4prWy7Oinjx6wOL9V8cPFto6+5TBSrswZGKHsOpX06hFBkuyQhlDpvu6oOx6zmW2D8horxSmHySuU426rOP5ed7UdVIqJDoO09NmgJXKNZ1KLU6zg3MLUgVVUcstdkJ0cSq91Nyf3Y5dkywHw/mmmCpD5oQ2komkP7dhiCD1WCIyjxxm3+qH9ucLm9G+1dD3oPWPL7UWRxHvAHrQ2U623sWU9wTGydIKA1YcJBg5TkedkTck5h6sr1nm3fb57ZOiuA5wTXGMm1CvdJx7cqtjZKci2DklVSPDTehy4uGMo64ESTXyQSZCIOBhlFVDDYb+gOHCGwTNeHYTxgk X-Forefront-Antispam-Report: CIP:63.35.35.123;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:64aa7808-outbound-1.mta.getcheckrecipient.com;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;CAT:NONE;SFS:(13230031)(4636009)(346002)(396003)(136003)(39860400002)(376002)(230922051799003)(186009)(451199024)(82310400011)(64100799003)(1800799009)(36840700001)(40470700004)(46966006)(44832011)(40460700003)(316002)(8676002)(40480700001)(8936002)(47076005)(41300700001)(70586007)(36860700001)(82740400003)(356005)(81166007)(4326008)(110136005)(2906002)(86362001)(6486002)(36756003)(70206006)(6506007)(478600001)(336012)(450100002)(5660300002)(6512007)(26005)(107886003)(6666004)(53546011)(2616005);DIR:OUT;SFP:1101; X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 Oct 2023 14:00:11.8195 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 1b42314d-c161-446d-f507-08dbc5ab646f X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: DBAEUR03FT013.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR08MB5520 X-Spam-Status: No, score=-5.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,FORGED_SPF_HELO,KAM_DMARC_NONE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_NONE,TXREP,UNPARSEABLE_RELAY autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: The 10/05/2023 08:55, Siddhesh Poyarekar wrote: > On 2023-10-05 04:19, Szabolcs Nagy wrote: > > i'd fix this in one place that makes the behaviour easy > > to reason about: _dl_next_ld_env_entry in rtld should > > just return empty in secure mode and same for getenv, > > internally it should return empty. > > > > then we know that nothing in libc can depend on the env. > > (if something parses env directly that should be fixed) > > > > if anything, there should be a whitelist, not blacklist > > of env vars. > > That won't work because it would require knowledge of (or a mechanism to > specify) safety of environment variables used by the application and its > children. The current unsecvars approach is probably the best option. why would you need a whitelist of application envvars? if there is any env var usage *in libc* that is valid to affect setuid binaries then those should be whitelisted. (black list works too, but more error prone in imo) > > of course this changes behaviour, so if we want to be > > bw compat then we have to live with the current unsetenv > > logic. > > The current unsetenv logic is well reasoned IMO; the tunables layer made it > complicated and it ought to be sufficient to just remove that. But that > would require dropping the memory tagging tunable from SXID_IGNORE and > erasing GLIBC_TUNABLES by putting it in unsecvars.h. i think it is broken to rewrite env[] that is passed by the kernel. but since glibc always did this i guess it's fine.