From: Siddhesh Poyarekar <siddhesh@sourceware.org>
To: libc-alpha@sourceware.org
Subject: [PING][PATCH v2 0/4] tunables and setxid programs
Date: Mon, 22 Mar 2021 10:02:35 +0530 [thread overview]
Message-ID: <ede75bd6-41ff-77c8-6cc5-c740ca36151e@sourceware.org> (raw)
In-Reply-To: <20210316070755.330084-1-siddhesh@sourceware.org>
On 3/16/21 12:37 PM, Siddhesh Poyarekar via Libc-alpha wrote:
> When parse_tunables tries to erase a tunable marked as SXID_ERASE for
> setuid programs, it ends up setting the envvar string iterator
> incorrectly, because of which it may parse the next tunable
> incorrectly. Given that currently the implementation allows malformed
> and unrecognized tunables pass through, it may even allow SXID_ERASE
> tunables to go through.
>
> This change revamps the SXID_ERASE implementation so that:
>
> - Only valid tunables are written back to the tunestr string, because
> of which children of SXID programs will only inherit a clean list of
> identified tunables that are not SXID_ERASE.
>
> - Unrecognized tunables get scrubbed off from the environment and
> subsequently from the child environment.
>
> - This has the side-effect that a tunable that is not identified by
> the setxid binary, will not be passed on to a non-setxid child even
> if the child could have identified that tunable. This may break
> applications that expect this behaviour but expecting such tunables
> to cross the SXID boundary is wrong.
>
> The setuid test for tunables has been bolstered to test different
> combinations of tunable values to ensure that the behaviour is now
> consistent.
>
> Siddhesh Poyarekar (4):
> support: Add capability to fork an sgid child
> tst-env-setuid: Use support_capture_subprogram_self_sgid
> Enhance setuid-tunables test
> Fix SXID_ERASE behavior in setuid programs (BZ #27471)
>
> elf/Makefile | 2 -
> elf/dl-tunables.c | 56 ++++----
> elf/tst-env-setuid-tunables.c | 118 +++++++++++++---
> elf/tst-env-setuid.c | 197 ++------------------------
> stdlib/tst-secure-getenv.c | 199 +++------------------------
> support/capture_subprocess.h | 6 +
> support/check.h | 12 ++
> support/subprocess.h | 5 +
> support/support_capture_subprocess.c | 114 +++++++++++++++
> support/support_subprocess.c | 13 ++
> 10 files changed, 304 insertions(+), 418 deletions(-)
>
prev parent reply other threads:[~2021-03-22 9:08 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-16 7:07 [PATCH " Siddhesh Poyarekar
2021-03-16 7:07 ` [PATCH 1/4] support: Add capability to fork an sgid child Siddhesh Poyarekar
2021-04-06 16:35 ` Carlos O'Donell
2021-04-09 15:25 ` [PATCH v2] " Siddhesh Poyarekar
2021-04-12 3:15 ` Carlos O'Donell
2021-03-16 7:07 ` [PATCH 2/4] tst-env-setuid: Use support_capture_subprogram_self_sgid Siddhesh Poyarekar
2021-04-06 16:39 ` Carlos O'Donell
2021-03-16 7:07 ` [PATCH 3/4] Enhance setuid-tunables test Siddhesh Poyarekar
2021-04-06 16:46 ` Carlos O'Donell
2021-03-16 7:07 ` [PATCH 4/4] Fix SXID_ERASE behavior in setuid programs (BZ #27471) Siddhesh Poyarekar
2021-04-06 19:47 ` Carlos O'Donell
2021-04-08 4:38 ` Siddhesh Poyarekar
2021-04-12 3:25 ` Carlos O'Donell
2021-04-12 3:30 ` Carlos O'Donell
2021-03-22 4:32 ` Siddhesh Poyarekar [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ede75bd6-41ff-77c8-6cc5-c740ca36151e@sourceware.org \
--to=siddhesh@sourceware.org \
--cc=libc-alpha@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).