]>
Commit | Line | Data |
---|---|---|
b9215da1 MT |
1 | From 73e3fcd1a552783e66ff1f65c5f322e2f17a81d1 Mon Sep 17 00:00:00 2001 |
2 | From: Siddhesh Poyarekar <siddhesh@sourceware.org> | |
3 | Date: Tue, 19 Sep 2023 13:25:40 -0400 | |
4 | Subject: [PATCH 26/27] Propagate GLIBC_TUNABLES in setxid binaries | |
5 | ||
6 | GLIBC_TUNABLES scrubbing happens earlier than envvar scrubbing and some | |
7 | tunables are required to propagate past setxid boundary, like their | |
8 | env_alias. Rely on tunable scrubbing to clean out GLIBC_TUNABLES like | |
9 | before, restoring behaviour in glibc 2.37 and earlier. | |
10 | ||
11 | Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> | |
12 | Reviewed-by: Carlos O'Donell <carlos@redhat.com> | |
13 | (cherry picked from commit 0d5f9ea97f1b39f2a855756078771673a68497e1) | |
14 | --- | |
15 | sysdeps/generic/unsecvars.h | 1 - | |
16 | 1 file changed, 1 deletion(-) | |
17 | ||
18 | diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h | |
19 | index 81397fb90b..8278c50a84 100644 | |
20 | --- a/sysdeps/generic/unsecvars.h | |
21 | +++ b/sysdeps/generic/unsecvars.h | |
22 | @@ -4,7 +4,6 @@ | |
23 | #define UNSECURE_ENVVARS \ | |
24 | "GCONV_PATH\0" \ | |
25 | "GETCONF_DIR\0" \ | |
26 | - "GLIBC_TUNABLES\0" \ | |
27 | "HOSTALIASES\0" \ | |
28 | "LD_AUDIT\0" \ | |
29 | "LD_DEBUG\0" \ | |
30 | -- | |
31 | 2.39.2 | |
32 |