From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pj1-x1029.google.com (mail-pj1-x1029.google.com [IPv6:2607:f8b0:4864:20::1029]) by sourceware.org (Postfix) with ESMTPS id 378C83858CDA for ; Tue, 21 Nov 2023 18:25:03 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 378C83858CDA Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 378C83858CDA Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::1029 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1700591104; cv=none; b=WeQHzWFKfTYXOLDyeP1xs39+jnOx/hhaTq2SjIr+NALbrncI64pCwRmYfoG8xwAkwqbAXtMjyrH8M8Yo1abOx++Buz5Gc0bGNvMS5OueTwqlSbDg6n1y0N1OnqBiS3XwGuUQaHP/D72n/5UxLUkI7LCYgK3jWoc886hYIBKuv1Y= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1700591104; c=relaxed/simple; bh=aJ1JBgUI3Kbw0dDvvjHImY3e1SqF5FVlwsM8uPepgQs=; h=DKIM-Signature:Message-ID:Date:MIME-Version:Subject:To:From; b=YwKFHq2FIwtVwSsf6cgnDamgUYoh7Xnl6gmvoCJGbmSo5zFmj8jrH48a6Ty4eLbDn791GTkuZ4OKCr/tUcYBlMWeLDIpJM/+dw57YGQXHBRDrQCro8cLtKd5xoPVlQWoVSkBx3sWC6TXS6iruyZGtIiL6cbu3Zb0sqA2Y9ur7aQ= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pj1-x1029.google.com with SMTP id 98e67ed59e1d1-282fcf7eef9so4088431a91.1 for ; Tue, 21 Nov 2023 10:25:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1700591102; x=1701195902; darn=sourceware.org; h=content-transfer-encoding:in-reply-to:organization:from:references :to:content-language:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=aUV6H35sV0DknUrAGgjI5heCoomCr32k3YZZb6KWseI=; b=nL7N1rhzeiYqcptKwpRE8xPvSteu9AaJjVUkTv0uBJn11rlF417vlz16KFaDzFHaxJ sm7GcowMSkoOLhLyA6pbJb7kewti601VtBJ4c96Qt+HpXCxHIxTGuf4KlgNRGKAsyCEv wA/jIJxT/aNN1+SdOZEEaC4qTQWG7YfTFJVtUbcOALQeutfCe2DSW9BtkDYUFbXRIuPh yR6rsRXRtrF90cDNDCTGf2uZgRaKQdKWCO1Gp2jtOHFPAVsbA9J0fLoD3DkWCFziDNOo IzkptPhGng2owcIUs1z9ELZpCRaeg7aWlo1aTT7k5wsW6cagl9+/iE4D6P26Q2S0DY6h uE8A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700591102; x=1701195902; h=content-transfer-encoding:in-reply-to:organization:from:references :to:content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=aUV6H35sV0DknUrAGgjI5heCoomCr32k3YZZb6KWseI=; b=HEEd1tqjWCBvOnWYt0NKVv7yAfsXhv6ueyi8FhHS2swjm+dVX0UOlS1KEWEU00qiWl kc7T/1LEC8OoXoiiQ7eDScURr4LRRNQyT8xjR/n0ZdjAUp1N7ixvOUk697Ux514bD7qI GvJjmF7To1wfyzv+r7mp2cwgBeiBs49EorT3+ufp28S1YYHHuSh2Hwvrcbfl+S1Bz8IQ uRk+Tb5vyoaMJPnyOEagnBg685hKNNmn4Xdh6TuOUQgxiJUUxKHzJIwuwYMxJlSvOWf3 JmpoAk+HmhtSJ5BlIS7MlGXRoAZxP+G4J1HZCn+BOFtWESgiWv26F9ddOBE2xHGLWMB/ jEQw== X-Gm-Message-State: AOJu0Yz0+mhzuk454ocCKjcLV49eLIKxM4xB489jpRI1hlfy9DOHVl2J raCkPH5bZ3cEhfu39912fk2I5j6ezneT/CXbdFcHXA== X-Google-Smtp-Source: AGHT+IGHvEMsfXsIceOW4q338HFNEwOL5uYYHGaVny6VkJhA+3wZ2jkLvSgYjpaeiFz//X14MXNXnw== X-Received: by 2002:a17:90b:4b84:b0:283:2fad:4a01 with SMTP id lr4-20020a17090b4b8400b002832fad4a01mr9060426pjb.46.1700591102183; Tue, 21 Nov 2023 10:25:02 -0800 (PST) Received: from ?IPV6:2804:1b3:a7c2:94e:6d31:2e3e:8d88:83c3? ([2804:1b3:a7c2:94e:6d31:2e3e:8d88:83c3]) by smtp.gmail.com with ESMTPSA id w33-20020a17090a6ba400b0028066f3c373sm10590649pjj.17.2023.11.21.10.25.00 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 21 Nov 2023 10:25:01 -0800 (PST) Message-ID: Date: Tue, 21 Nov 2023 15:24:58 -0300 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v3 14/19] elf: Ignore loader debug env vars for setuid Content-Language: en-US To: Siddhesh Poyarekar , libc-alpha@sourceware.org References: <20231106202552.3404059-1-adhemerval.zanella@linaro.org> <20231106202552.3404059-15-adhemerval.zanella@linaro.org> From: Adhemerval Zanella Netto Organization: Linaro In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-11.4 required=5.0 tests=BAYES_00,BODY_8BITS,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,GIT_PATCH_0,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On 20/11/23 19:57, Siddhesh Poyarekar wrote: > On 2023-11-06 15:25, Adhemerval Zanella wrote: >> Loader already ignores LD_DEBUG, LD_DEBUG_OUTPUT, and >> LD_TRACE_LOADED_OBJECTS. Both LD_WARN and LD_VERBOSE are similar to >> LD_DEBUG, in the sense they enable additional checks and debug >> information, so it makes sense to disable them. >> >> Checked on x86_64-linux-gnu. >> --- > > Maybe also put it in unsecvars.h? Ack. > >>   elf/rtld.c           | 22 ++++++++++++++-------- >>   elf/tst-env-setuid.c |  2 ++ >>   2 files changed, 16 insertions(+), 8 deletions(-) >> >> diff --git a/elf/rtld.c b/elf/rtld.c >> index a09cf2a9df..e7f90d37e7 100644 >> --- a/elf/rtld.c >> +++ b/elf/rtld.c >> @@ -2552,13 +2552,15 @@ process_envvars (struct dl_main_state *state) >>       { >>       case 4: >>         /* Warning level, verbose or not.  */ >> -      if (memcmp (envline, "WARN", 4) == 0) >> +      if (!__libc_enable_secure >> +          && memcmp (envline, "WARN", 4) == 0) >>           GLRO(dl_verbose) = envline[5] != '\0'; >>         break; >>         case 5: >>         /* Debugging of the dynamic linker?  */ >> -      if (memcmp (envline, "DEBUG", 5) == 0) >> +      if (!__libc_enable_secure >> +          && memcmp (envline, "DEBUG", 5) == 0) >>           { >>             process_dl_debug (state, &envline[6]); >>             break; >> @@ -2569,7 +2571,8 @@ process_envvars (struct dl_main_state *state) >>         case 7: >>         /* Print information about versions.  */ >> -      if (memcmp (envline, "VERBOSE", 7) == 0) >> +      if (!__libc_enable_secure >> +          && memcmp (envline, "VERBOSE", 7) == 0) >>           { >>             state->version_info = envline[8] != '\0'; >>             break; >> @@ -2625,7 +2628,8 @@ process_envvars (struct dl_main_state *state) >>           } >>           /* Where to place the profiling data file.  */ >> -      if (memcmp (envline, "DEBUG_OUTPUT", 12) == 0) >> +      if (!__libc_enable_secure >> +          && memcmp (envline, "DEBUG_OUTPUT", 12) == 0) >>           { >>             debug_output = &envline[13]; >>             break; >> @@ -2646,7 +2650,8 @@ process_envvars (struct dl_main_state *state) >>         case 20: >>         /* The mode of the dynamic linker can be set.  */ >> -      if (memcmp (envline, "TRACE_LOADED_OBJECTS", 20) == 0) >> +      if (!__libc_enable_secure >> +          && memcmp (envline, "TRACE_LOADED_OBJECTS", 20) == 0) >>           { >>             state->mode = rtld_mode_trace; >>             state->mode_trace_program >> @@ -2668,9 +2673,10 @@ process_envvars (struct dl_main_state *state) >>       } >>         while (*nextp != '\0'); >>   -      GLRO(dl_debug_mask) = 0; >> - >> -      if (state->mode != rtld_mode_normal) >> +      if (GLRO(dl_debug_mask) != 0 >> +      || GLRO(dl_verbose) != 0 >> +      || state->mode != rtld_mode_normal >> +      || state->version_info) >>       _exit (5); >>       } >>     /* If we have to run the dynamic linker in debugging mode and the >> diff --git a/elf/tst-env-setuid.c b/elf/tst-env-setuid.c >> index 76b8e1fb45..dcf213a4cd 100644 >> --- a/elf/tst-env-setuid.c >> +++ b/elf/tst-env-setuid.c >> @@ -59,6 +59,8 @@ static const struct envvar_t filtered_envvars[] = >>     { "MALLOC_TRACE",            FILTERED_VALUE }, >>     { "MALLOC_TRIM_THRESHOLD_",  FILTERED_VALUE }, >>     { "RES_OPTIONS",             FILTERED_VALUE }, >> +  { "LD_DEBUG",                "all" }, >> +  { "LD_DEBUG_OUTPUT",         "/tmp/some-file" }, >>   }; >>     static const struct envvar_t unfiltered_envvars[] =