glibc/elf
Siddhesh Poyarekar 2ed18c5b53 Fix SXID_ERASE behavior in setuid programs (BZ #27471)
When parse_tunables tries to erase a tunable marked as SXID_ERASE for
setuid programs, it ends up setting the envvar string iterator
incorrectly, because of which it may parse the next tunable
incorrectly.  Given that the implementation currently allows malformed
and unrecognized tunables to pass through, it may even allow SXID_ERASE
tunables to go through.

This change revamps the SXID_ERASE implementation so that:

- Only valid tunables are written back to the tunestr string, because
  of which children of SXID programs will only inherit a clean list of
  identified tunables that are not SXID_ERASE.

- Unrecognized tunables get scrubbed off from the environment and
  subsequently from the child environment.

- This has the side-effect that a tunable that is not identified by
  the setxid binary, will not be passed on to a non-setxid child even
  if the child could have identified that tunable.  This may break
  applications that expect this behaviour but expecting such tunables
  to cross the SXID boundary is wrong.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2021-04-12 19:03:19 +05:30
tst-glibc-hwcaps-2-cache.root
tst-glibc-hwcaps-cache.root
tst-glibc-hwcaps-prepend-cache.root
tst-ldconfig-bad-aux-cache.root
tst-ldconfig-ld_so_conf-update.root
Makefile Enhance setuid-tunables test 2021-04-12 19:03:19 +05:30
Versions
argv0test.c
cache.c
chroot_canon.c
circleload1.c
circlemod1.c
circlemod1a.c
circlemod2.c
circlemod2a.c
circlemod3.c
circlemod3a.c
constload1.c
constload2.c
constload3.c
dblload.c
dblloadmod1.c
dblloadmod2.c
dblloadmod3.c
dblunload.c
dep1.c
dep2.c
dep3.c
dep4.c
dl-addr-obj.c
dl-addr.c
dl-brk.c
dl-cache.c
dl-call-libc-early-init.c
dl-close.c
dl-conflict.c
dl-debug.c
dl-deps.c
dl-diagnostics-cpu.c
dl-diagnostics-kernel.c
dl-diagnostics.c
dl-diagnostics.h
dl-dst.h
dl-environ.c
dl-error-minimal.c
dl-error-skeleton.c
dl-error.c
dl-exception.c
dl-execstack.c
dl-fini.c
dl-fptr.c
dl-hwcaps-subdirs.c
dl-hwcaps.c
dl-hwcaps.h
dl-hwcaps_split.c
dl-init.c
dl-iteratephdr.c
dl-libc.c
dl-load.c
dl-load.h
dl-lookup-direct.c
dl-lookup.c
dl-machine-reject-phdr.h
dl-main.h
dl-map-segments.h
dl-minimal.c
dl-misc.c
dl-object.c
dl-open.c
dl-origin.c
dl-profile.c
dl-profstub.c
dl-reloc-static-pie.c
dl-reloc.c
dl-runtime.c
dl-runtime.h
dl-sbrk.c
dl-scope.c
dl-sort-maps.c
dl-support.c
dl-sym-post.h
dl-sym.c
dl-symaddr.c
dl-sysdep-open.h
dl-sysdep.c
dl-thread_gscope_wait.c
dl-tls.c
dl-trampoline.c
dl-tunable-types.h
dl-tunables.c Fix SXID_ERASE behavior in setuid programs (BZ #27471) 2021-04-12 19:03:19 +05:30
dl-tunables.h
dl-tunables.list
dl-unmap-segments.h
dl-usage.c
dl-version.c
dl-write.c
dl-writev.h
do-rel.h
dynamic-link.h
elf.h
enbl-secure.c
failobj.c
filter.c
filtmod1.c
filtmod2.c
firstobj.c
gen-trusted-dirs.awk
genrtldtbl.awk
get-dynamic-info.h
global.c
globalmod1.c
ifuncdep1.c
ifuncdep1pic.c
ifuncdep2.c
ifuncdep2pic.c
ifuncdep5.c
ifuncdep5pic.c
ifuncmain1.c
ifuncmain1pic.c
ifuncmain1picstatic.c
ifuncmain1pie.c
ifuncmain1static.c
ifuncmain1staticpic.c
ifuncmain1staticpie.c
ifuncmain1vis.c
ifuncmain1vispic.c
ifuncmain1vispie.c
ifuncmain2.c
ifuncmain2pic.c
ifuncmain2picstatic.c
ifuncmain2static.c
ifuncmain3.c
ifuncmain4.c
ifuncmain4picstatic.c
ifuncmain4static.c
ifuncmain5.c
ifuncmain5pic.c
ifuncmain5picstatic.c
ifuncmain5pie.c
ifuncmain5static.c
ifuncmain5staticpic.c
ifuncmain6pie.c
ifuncmain7.c
ifuncmain7pic.c
ifuncmain7picstatic.c
ifuncmain7pie.c
ifuncmain7static.c
ifuncmain9.c
ifuncmain9pic.c
ifuncmain9picstatic.c
ifuncmain9pie.c
ifuncmain9static.c
ifuncmod1.c
ifuncmod3.c
ifuncmod5.c
ifuncmod6.c
initfirst.c
interp.c
lateglobal.c
ldconfig.c
ldd.bash.in
libc-early-init.h
libc_early_init.c
link.h
loadfail.c
loadtest.c
ltglobmod1.c
ltglobmod2.c
markermodMARKER-VALUE.c
multiload.c
neededobj1.c
neededobj2.c
neededobj3.c
neededobj4.c
neededobj5.c
neededobj6.c
neededtest.c
neededtest2.c
neededtest3.c
neededtest4.c
next.c
nextmod1.c
nextmod2.c
nodel2mod1.c
nodel2mod2.c
nodel2mod3.c
nodelete.c
nodelete2.c
nodelmod1.c
nodelmod2.c
nodelmod3.c
nodelmod4.c
nodlopen.c
nodlopen2.c
nodlopenmod.c
nodlopenmod2.c
noload.c
order.c
order2.c
order2mod1.c
order2mod2.c
order2mod3.c
order2mod4.c
origtest.c
pathoptobj.c
pldd-xx.c
pldd.c
preloadtest.c
readelflib.c
readlib.c
reldep.c
reldep2.c
reldep3.c
reldep4.c
reldep4mod1.c
reldep4mod2.c
reldep4mod3.c
reldep4mod4.c
reldep5.c
reldep6.c
reldep6mod0.c
reldep6mod1.c
reldep6mod2.c
reldep6mod3.c
reldep6mod4.c
reldep7.c
reldep7mod1.c
reldep7mod2.c
reldep8.c
reldep8mod1.c
reldep8mod2.c
reldep8mod3.c
reldep9.c
reldep9mod1.c
reldep9mod2.c
reldep9mod3.c
reldepmod1.c
reldepmod2.c
reldepmod3.c
reldepmod4.c
reldepmod5.c
reldepmod6.c
resolvfail.c
restest1.c
restest2.c
rtld-Rules
rtld-debugger-interface.txt
rtld.c
setup-vdso.h
sln.c
sofini.c
sotruss-lib.c
sotruss.sh
sprof.c
static-stubs.c
stringtable.c
stringtable.h
stringtable_free.c
testobj.h
testobj1.c
testobj1_1.c
testobj2.c
testobj3.c
testobj4.c
testobj5.c
testobj6.c
tls-macros.h
tlsdeschtab.h
tst-_dl_addr_inside_object.c
tst-absolute-sym-lib.c
tst-absolute-sym-lib.lds
tst-absolute-sym.c
tst-absolute-zero-lib.c
tst-absolute-zero-lib.lds
tst-absolute-zero.c
tst-addr1.c
tst-align.c
tst-align2.c
tst-alignmod.c
tst-alignmod2.c
tst-array1-static.c
tst-array1.c
tst-array1.exp
tst-array2.c
tst-array2.exp
tst-array2dep.c
tst-array3.c
tst-array4.c
tst-array4.exp
tst-array5-static.c
tst-array5-static.exp
tst-array5.c
tst-array5.exp
tst-array5dep.c
tst-audit1.c
tst-audit2.c
tst-audit8.c
tst-audit9.c
tst-audit11.c
tst-audit11mod1.c
tst-audit11mod2.c
tst-audit11mod2.map
tst-audit12.c
tst-audit12mod1.c
tst-audit12mod2.c
tst-audit12mod2.map
tst-audit12mod3.c
tst-audit13.c
tst-audit13mod1.c
tst-audit14.c
tst-audit15.c
tst-audit16.c
tst-auditlogmod-1.c
tst-auditlogmod-2.c
tst-auditlogmod-3.c
tst-auditmany.c
tst-auditmanymod.h
tst-auditmanymod1.c
tst-auditmanymod2.c
tst-auditmanymod3.c
tst-auditmanymod4.c
tst-auditmanymod5.c
tst-auditmanymod6.c
tst-auditmanymod7.c
tst-auditmanymod8.c
tst-auditmanymod9.c
tst-auditmod1.c
tst-auditmod9a.c
tst-auditmod9b.c
tst-auditmod11.c
tst-auditmod12.c
tst-auxobj-dlopen.c
tst-auxobj.c
tst-auxv.c
tst-big-note-lib.S
tst-big-note.c
tst-create_format1.c
tst-debug1.c
tst-deep1.c
tst-deep1mod1.c
tst-deep1mod2.c
tst-deep1mod3.c
tst-dl-hwcaps_split.c
tst-dl-iter-static.c
tst-dlmodcount.c
tst-dlmopen1.c
tst-dlmopen1mod.c
tst-dlmopen2.c
tst-dlmopen3.c
tst-dlopen-nodelete-reloc-mod1.c
tst-dlopen-nodelete-reloc-mod2.c
tst-dlopen-nodelete-reloc-mod3.c
tst-dlopen-nodelete-reloc-mod4.c
tst-dlopen-nodelete-reloc-mod5.c
tst-dlopen-nodelete-reloc-mod6.cc
tst-dlopen-nodelete-reloc-mod7.cc
tst-dlopen-nodelete-reloc-mod8.c
tst-dlopen-nodelete-reloc-mod9.cc
tst-dlopen-nodelete-reloc-mod10.c
tst-dlopen-nodelete-reloc-mod11.cc
tst-dlopen-nodelete-reloc-mod12.cc
tst-dlopen-nodelete-reloc-mod13.cc
tst-dlopen-nodelete-reloc-mod13.h
tst-dlopen-nodelete-reloc-mod14.cc
tst-dlopen-nodelete-reloc-mod15.cc
tst-dlopen-nodelete-reloc-mod16.c
tst-dlopen-nodelete-reloc-mod17.c
tst-dlopen-nodelete-reloc.c
tst-dlopen-nodelete-reloc.h
tst-dlopen-pie.c
tst-dlopen-self-container.c
tst-dlopen-self-pie.c
tst-dlopen-self.c
tst-dlopen-tlsmodid-container.c
tst-dlopen-tlsmodid-pie.c
tst-dlopen-tlsmodid.c
tst-dlopen-tlsmodid.h
tst-dlopenfail-2.c
tst-dlopenfail.c
tst-dlopenfaillinkmod.c
tst-dlopenfailmod1.c
tst-dlopenfailmod2.c
tst-dlopenfailmod3.c
tst-dlopenrpath.c
tst-dlopenrpathmod.c
tst-dlsym-error.c
tst-dst-static.c
tst-env-setuid-tunables.c Fix SXID_ERASE behavior in setuid programs (BZ #27471) 2021-04-12 19:03:19 +05:30
tst-env-setuid.c tst-env-setuid: Use support_capture_subprogram_self_sgid 2021-04-12 19:03:19 +05:30
tst-execstack-mod.c
tst-execstack-needed.c
tst-execstack-prog.c
tst-execstack.c
tst-filterobj-aux.c
tst-filterobj-dlopen.c
tst-filterobj-filtee.c
tst-filterobj-filtee.h
tst-filterobj-flt.c
tst-filterobj.c
tst-finilazyfailmod.c
tst-glibc-hwcaps-2-cache.c
tst-glibc-hwcaps-2-cache.script
tst-glibc-hwcaps-cache.c
tst-glibc-hwcaps-cache.script
tst-glibc-hwcaps-mask.c
tst-glibc-hwcaps-prepend-cache.c
tst-glibc-hwcaps-prepend.c
tst-glibc-hwcaps.c
tst-global1.c
tst-gnu2-tls1.c
tst-gnu2-tls1mod.c
tst-ifunc-fault-bindnow.c
tst-ifunc-fault-lazy.c
tst-ifunc-textrel.c
tst-initfinilazyfail.c
tst-initlazyfailmod.c
tst-initorder.c
tst-initorder.exp
tst-initorder2.c
tst-initorder2.exp
tst-initordera1.c
tst-initordera2.c
tst-initordera3.c
tst-initordera4.c
tst-initorderb1.c
tst-initorderb2.c
tst-latepthread.c
tst-latepthreadmod.c
tst-ldconfig-X.sh
tst-ldconfig-bad-aux-cache.c
tst-ldconfig-ld-mod.c
tst-ldconfig-ld_so_conf-update.c
tst-leaks1-static.c
tst-leaks1.c
tst-libc_dlvsym-dso.c
tst-libc_dlvsym-static.c
tst-libc_dlvsym.c
tst-libc_dlvsym.h
tst-linkall-static.c
tst-main1.c
tst-main1mod.c
tst-nodelete-dlclose-dso.c
tst-nodelete-dlclose-plugin.c
tst-nodelete-dlclose.c
tst-nodelete-opened-lib.c
tst-nodelete-opened.c
tst-nodelete-rtldmod.cc
tst-nodelete-uniquemod.cc
tst-nodelete-zmod.cc
tst-nodelete.cc
tst-nodelete2.c
tst-nodelete2mod.c
tst-noload.c
tst-null-argv-lib.c
tst-null-argv.c
tst-order-a1.c
tst-order-a2.c
tst-order-a3.c
tst-order-a4.c
tst-order-b1.c
tst-order-b2.c
tst-order-main.c
tst-pathopt.c
tst-pathopt.sh
tst-pie1.c
tst-pie2.c
tst-piemod1.c
tst-pldd.c
tst-prelink-cmp.c
tst-prelink.c
tst-preload-pthread-libc.c
tst-protected1a.c
tst-protected1b.c
tst-protected1mod.h
tst-protected1moda.c
tst-protected1modb.c
tst-ptrguard1-static.c
tst-ptrguard1.c
tst-relsort1.c
tst-relsort1mod1.c
tst-relsort1mod2.c
tst-rtld-argv0.sh
tst-rtld-list-tunables.exp
tst-rtld-list-tunables.sh
tst-rtld-load-self.sh
tst-rtld-preload.sh
tst-single_threaded-mod1.c
tst-single_threaded-mod2.c
tst-single_threaded-mod3.c
tst-single_threaded-mod4.c
tst-single_threaded-pthread-static.c
tst-single_threaded-pthread.c
tst-single_threaded-static-dlopen.c
tst-single_threaded-static.c
tst-single_threaded.c
tst-sonamemove-dlopen.c
tst-sonamemove-link.c
tst-sonamemove-linkmod1.c
tst-sonamemove-linkmod1.map
tst-sonamemove-runmod1.c
tst-sonamemove-runmod1.map
tst-sonamemove-runmod2.c
tst-sonamemove-runmod2.map
tst-stackguard1-static.c
tst-stackguard1.c
tst-stringtable.c
tst-thrlock.c
tst-tls-dlinfo.c
tst-tls-ie-dlmopen.c
tst-tls-ie-mod.h
tst-tls-ie-mod0.c
tst-tls-ie-mod1.c
tst-tls-ie-mod2.c
tst-tls-ie-mod3.c
tst-tls-ie-mod4.c
tst-tls-ie-mod5.c
tst-tls-ie-mod6.c
tst-tls-ie.c
tst-tls-manydynamic.c
tst-tls-manydynamic.h
tst-tls-manydynamicmod.c
tst-tls-surplus.c
tst-tls1-static-non-pie.c
tst-tls1-static.c
tst-tls1.c
tst-tls2-static.c
tst-tls2.c
tst-tls3.c
tst-tls4.c
tst-tls5.c
tst-tls6.c
tst-tls7.c
tst-tls8.c
tst-tls9-static.c
tst-tls9.c
tst-tls10.c
tst-tls10.h
tst-tls11.c
tst-tls12.c
tst-tls13.c
tst-tls14.c
tst-tls15.c
tst-tls16.c
tst-tls17.c
tst-tls18.c
tst-tls19.c
tst-tls19mod1.c
tst-tls19mod2.c
tst-tls19mod3.c
tst-tlsalign-extern-static.c
tst-tlsalign-extern.c
tst-tlsalign-lib.c
tst-tlsalign-static.c
tst-tlsalign-vars.c
tst-tlsalign.c
tst-tlsmod1.c
tst-tlsmod2.c
tst-tlsmod3.c
tst-tlsmod4.c
tst-tlsmod5.c
tst-tlsmod6.c
tst-tlsmod7.c
tst-tlsmod8.c
tst-tlsmod9.c
tst-tlsmod10.c
tst-tlsmod11.c
tst-tlsmod12.c
tst-tlsmod13.c
tst-tlsmod13a.c
tst-tlsmod14a.c
tst-tlsmod14b.c
tst-tlsmod15a.c
tst-tlsmod15b.c
tst-tlsmod16a.c
tst-tlsmod16b.c
tst-tlsmod17a.c
tst-tlsmod17b.c
tst-tlsmod18a.c
tst-unique1.c
tst-unique1mod1.c
tst-unique1mod2.c
tst-unique2.c
tst-unique2mod1.c
tst-unique2mod2.c
tst-unique3.cc
tst-unique3.h
tst-unique3lib.cc
tst-unique3lib2.cc
tst-unique4.cc
tst-unique4.h
tst-unique4lib.cc
tst-unwind-ctor-lib.c
tst-unwind-ctor.c
tst-unwind-main.c
unload.c
unload2.c
unload2dep.c
unload2mod.c
unload3.c
unload3mod1.c
unload3mod2.c
unload3mod3.c
unload3mod4.c
unload4.c
unload4mod1.c
unload4mod2.c
unload4mod3.c
unload4mod4.c
unload5.c
unload6.c
unload6mod1.c
unload6mod2.c
unload6mod3.c
unload7.c
unload7mod1.c
unload7mod2.c
unload8.c
unload8mod1.c
unload8mod1x.c
unload8mod2.c
unload8mod3.c
unloadmod.c
vismain.c
vismod.h
vismod1.c
vismod2.c
vismod3.c