projects / ipfire-2.x.git / blame
| Commit | Line | Data |
|---|---|---|
| b9215da1 MT |
1 | From 73e3fcd1a552783e66ff1f65c5f322e2f17a81d1 Mon Sep 17 00:00:00 2001 |
| 2 | From: Siddhesh Poyarekar <siddhesh@sourceware.org> | |
| 3 | Date: Tue, 19 Sep 2023 13:25:40 -0400 | |
| a61a21ef | 4 | Subject: [PATCH 26/44] Propagate GLIBC_TUNABLES in setxid binaries |
| b9215da1 MT |
5 | |
| 6 | GLIBC_TUNABLES scrubbing happens earlier than envvar scrubbing and some | |
| 7 | tunables are required to propagate past setxid boundary, like their | |
| 8 | env_alias. Rely on tunable scrubbing to clean out GLIBC_TUNABLES like | |
| 9 | before, restoring behaviour in glibc 2.37 and earlier. | |
| 10 | ||
| 11 | Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> | |
| 12 | Reviewed-by: Carlos O'Donell <carlos@redhat.com> | |
| 13 | (cherry picked from commit 0d5f9ea97f1b39f2a855756078771673a68497e1) | |
| 14 | --- | |
| 15 | sysdeps/generic/unsecvars.h | 1 - | |
| 16 | 1 file changed, 1 deletion(-) | |
| 17 | ||
| 18 | diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h | |
| 19 | index 81397fb90b..8278c50a84 100644 | |
| 20 | --- a/sysdeps/generic/unsecvars.h | |
| 21 | +++ b/sysdeps/generic/unsecvars.h | |
| 22 | @@ -4,7 +4,6 @@ | |
| 23 | #define UNSECURE_ENVVARS \ | |
| 24 | "GCONV_PATH\0" \ | |
| 25 | "GETCONF_DIR\0" \ | |
| 26 | - "GLIBC_TUNABLES\0" \ | |
| 27 | "HOSTALIASES\0" \ | |
| 28 | "LD_AUDIT\0" \ | |
| 29 | "LD_DEBUG\0" \ | |
| 30 | -- | |
| 31 | 2.39.2 | |
| 32 |