[04/11] elf: Add GLIBC_TUNABLES to unsecvars

Message ID	20231010180111.561793-5-adhemerval.zanella@linaro.org
State	New
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: domain of libc-alpha-bounces+patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) client-ip=8.43.85.97; DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 26FAF38560AA From: Adhemerval Zanella <adhemerval.zanella@linaro.org> To: libc-alpha@sourceware.org, Siddhesh Poyarekar <siddhesh@sourceware.org> Subject: [PATCH 04/11] elf: Add GLIBC_TUNABLES to unsecvars Date: Tue, 10 Oct 2023 15:01:04 -0300 Message-Id: <20231010180111.561793-5-adhemerval.zanella@linaro.org> In-Reply-To: <20231010180111.561793-1-adhemerval.zanella@linaro.org> References: <20231010180111.561793-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: libc-alpha-bounces+patch=linaro.org@sourceware.org
Series	Improve tunable handling \| expand [00/11] Improve tunable handling [01/11] elf: Remove /etc/suid-debug support [02/11] elf: Ignore GLIBC_TUNABLES for setuid/setgid binaries [03/11] elf: Add all malloc tunable to unsecvars [04/11] elf: Add GLIBC_TUNABLES to unsecvars [05/11] elf: Do not process invalid tunable format [06/11] elf: Do not parse ill-formatted strings [07/11] elf: Fix _dl_debug_vdprintf to work before self-relocation [08/11] elf: Emit warning if tunable is ill-formatted [09/11] x86: Use dl-symbol-redir-ifunc.h on cpu-tunables [10/11] s390: Use dl-symbol-redir-ifunc.h on cpu-tunables [11/11] elf: Do not duplicate the GLIBC_TUNABLES string

Message ID

20231010180111.561793-5-adhemerval.zanella@linaro.org

State

New

Headers

Received-SPF: pass (google.com: domain of
 libc-alpha-bounces+patch=linaro.org@sourceware.org designates 8.43.85.97 as
 permitted sender) client-ip=8.43.85.97;
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 26FAF38560AA
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
To: libc-alpha@sourceware.org,
	Siddhesh Poyarekar <siddhesh@sourceware.org>
Subject: [PATCH 04/11] elf: Add GLIBC_TUNABLES to unsecvars
Date: Tue, 10 Oct 2023 15:01:04 -0300
Message-Id: <20231010180111.561793-5-adhemerval.zanella@linaro.org>
In-Reply-To: <20231010180111.561793-1-adhemerval.zanella@linaro.org>
References: <20231010180111.561793-1-adhemerval.zanella@linaro.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: list
Errors-To: libc-alpha-bounces+patch=linaro.org@sourceware.org

Series

Improve tunable handling | expand

Commit Message

Adhemerval Zanella Oct. 10, 2023, 6:01 p.m. UTC

setuid/setgid process now ignores any glibc tunables, and filters out
all environment variables that might changes its behavior. This patch
also adds GLIBC_TUNABLES, so any spawned process by setuid/setgid
processes should set tunable explicitly.

Checked on x86_64-linux-gnu.
---
 elf/tst-env-setuid-tunables.c | 11 +++--------
 sysdeps/generic/unsecvars.h   |  1 +
 2 files changed, 4 insertions(+), 8 deletions(-)

Comments

Florian Weimer Oct. 12, 2023, 8:46 a.m. UTC | #1

* Adhemerval Zanella:

> setuid/setgid process now ignores any glibc tunables, and filters out
> all environment variables that might changes its behavior. This patch
> also adds GLIBC_TUNABLES, so any spawned process by setuid/setgid
> processes should set tunable explicitly.

This should be committed earlier, before the patch that removes
SXID_ERASE support.

Otherwise:

Reviewed-by: Florian Weimer <fweimer@redhat.com>

Thanks,
Florian

Adhemerval Zanella Oct. 13, 2023, 1:51 p.m. UTC | #2

On 12/10/23 05:46, Florian Weimer wrote:
> * Adhemerval Zanella:
> 
>> setuid/setgid process now ignores any glibc tunables, and filters out
>> all environment variables that might changes its behavior. This patch
>> also adds GLIBC_TUNABLES, so any spawned process by setuid/setgid
>> processes should set tunable explicitly.
> 
> This should be committed earlier, before the patch that removes
> SXID_ERASE support.
> 
> Otherwise:
> 
> Reviewed-by: Florian Weimer <fweimer@redhat.com>

Do you mean move it before 'elf: Ignore GLIBC_TUNABLES for setuid/setgid binaries'
patch?

Florian Weimer Oct. 13, 2023, 2:11 p.m. UTC | #3

* Adhemerval Zanella Netto:

> On 12/10/23 05:46, Florian Weimer wrote:
>> * Adhemerval Zanella:
>> 
>>> setuid/setgid process now ignores any glibc tunables, and filters out
>>> all environment variables that might changes its behavior. This patch
>>> also adds GLIBC_TUNABLES, so any spawned process by setuid/setgid
>>> processes should set tunable explicitly.
>> 
>> This should be committed earlier, before the patch that removes
>> SXID_ERASE support.
>> 
>> Otherwise:
>> 
>> Reviewed-by: Florian Weimer <fweimer@redhat.com>
>
> Do you mean move it before 'elf: Ignore GLIBC_TUNABLES for
> setuid/setgid binaries' patch?

Yes, exactly.

Thanks,
Florian

Adhemerval Zanella Oct. 13, 2023, 2:26 p.m. UTC | #4

On 13/10/23 11:11, Florian Weimer wrote:
> * Adhemerval Zanella Netto:
> 
>> On 12/10/23 05:46, Florian Weimer wrote:
>>> * Adhemerval Zanella:
>>>
>>>> setuid/setgid process now ignores any glibc tunables, and filters out
>>>> all environment variables that might changes its behavior. This patch
>>>> also adds GLIBC_TUNABLES, so any spawned process by setuid/setgid
>>>> processes should set tunable explicitly.
>>>
>>> This should be committed earlier, before the patch that removes
>>> SXID_ERASE support.
>>>
>>> Otherwise:
>>>
>>> Reviewed-by: Florian Weimer <fweimer@redhat.com>
>>
>> Do you mean move it before 'elf: Ignore GLIBC_TUNABLES for
>> setuid/setgid binaries' patch?
> 
> Yes, exactly.

Alright, I will change it.

diff --git a/elf/tst-env-setuid-tunables.c b/elf/tst-env-setuid-tunables.c
index 3232f6b4c1..39b3648aa6 100644
--- a/elf/tst-env-setuid-tunables.c
+++ b/elf/tst-env-setuid-tunables.c
@@ -64,15 +64,10 @@  test_child (int off)
 
   printf ("    [%d] GLIBC_TUNABLES is %s\n", off, val);
   fflush (stdout);
-  if (val == NULL)
-    printf ("    [%d] GLIBC_TUNABLES environment variable absent\n", off);
+  if (val != NULL)
+    printf ("    [%d] Unexpected GLIBC_TUNABLES VALUE %s\n", off, val);
   else
-    {
-      if (strcmp (val, teststrings[off]) != 0)
-	printf ("    [%d] Unexpected GLIBC_TUNABLES VALUE %s\n", off, val);
-      else
-	ret = 0;
-    }
+    ret = 0;
   fflush (stdout);
 
   int32_t check = TUNABLE_GET_FULL (glibc, malloc, check, int32_t, NULL);
diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h
index ca70e2e989..f7ebed60e5 100644
--- a/sysdeps/generic/unsecvars.h
+++ b/sysdeps/generic/unsecvars.h
@@ -4,6 +4,7 @@ 
 #define UNSECURE_ENVVARS \
   "GCONV_PATH\0"							      \
   "GETCONF_DIR\0"							      \
+  "GLIBC_TUNABLES\0"							      \
   "HOSTALIASES\0"							      \
   "LD_AUDIT\0"								      \
   "LD_DEBUG\0"								      \

[04/11] elf: Add GLIBC_TUNABLES to unsecvars

Commit Message

Comments

Patch