Annotation of /trunk/glibc/patches/glibc-2.38-propagate-GLIBC_TUNABLES-in-setxid-binaries.patch
Parent Directory
| 
Revision Log
Revision 3784 -
(hide annotations)
(download)
Wed Oct 11 13:51:10 2023 UTC (7 months, 1 week ago) by niro
File size: 1165 byte(s)
Wed Oct 11 13:51:10 2023 UTC (7 months, 1 week ago) by niro
File size: 1165 byte(s)
-added security fixes
| 1 | niro | 3784 | From 73e3fcd1a552783e66ff1f65c5f322e2f17a81d1 Mon Sep 17 00:00:00 2001 |
| 2 | From: Siddhesh Poyarekar <siddhesh@sourceware.org> | ||
| 3 | Date: Tue, 19 Sep 2023 13:25:40 -0400 | ||
| 4 | Subject: [PATCH] Propagate GLIBC_TUNABLES in setxid binaries | ||
| 5 | |||
| 6 | GLIBC_TUNABLES scrubbing happens earlier than envvar scrubbing and some | ||
| 7 | tunables are required to propagate past setxid boundary, like their | ||
| 8 | env_alias. Rely on tunable scrubbing to clean out GLIBC_TUNABLES like | ||
| 9 | before, restoring behaviour in glibc 2.37 and earlier. | ||
| 10 | |||
| 11 | Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> | ||
| 12 | Reviewed-by: Carlos O'Donell <carlos@redhat.com> | ||
| 13 | (cherry picked from commit 0d5f9ea97f1b39f2a855756078771673a68497e1) | ||
| 14 | --- | ||
| 15 | sysdeps/generic/unsecvars.h | 1 - | ||
| 16 | 1 file changed, 1 deletion(-) | ||
| 17 | |||
| 18 | diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h | ||
| 19 | index 81397fb90b..8278c50a84 100644 | ||
| 20 | --- a/sysdeps/generic/unsecvars.h | ||
| 21 | +++ b/sysdeps/generic/unsecvars.h | ||
| 22 | @@ -4,7 +4,6 @@ | ||
| 23 | #define UNSECURE_ENVVARS \ | ||
| 24 | "GCONV_PATH\0" \ | ||
| 25 | "GETCONF_DIR\0" \ | ||
| 26 | - "GLIBC_TUNABLES\0" \ | ||
| 27 | "HOSTALIASES\0" \ | ||
| 28 | "LD_AUDIT\0" \ | ||
| 29 | "LD_DEBUG\0" \ | ||
| 30 | -- | ||
| 31 | 2.39.3 | ||
| 32 |