Note some further details of the treatment of environment
variables in secure execution mode. In particular (as noted by
Matthias Hertel), note that ignored environment variables are also
stripped from the environment. Furthermore, there are some other
variables, not used by the dynamic linker itself, that are also
treated in this way (see the glibc source file
sysdeps/generic/unsecvars.h).
Reported-by: Matthias Hertel <Matthias.Hertel@rohde-schwarz.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
.\"
.SS Secure-execution mode
For security reasons,
.\"
.SS Secure-execution mode
For security reasons,
-the effects of some environment variables are voided or modified if
-the dynamic linker determines that the binary should be
-run in secure-execution mode.
-(For details, see the discussion of individual environment variables below.)
+if the dynamic linker determines that a binary should be
+run in secure-execution mode,
+the effects of some environment variables are voided or modified,
+and furthermore those environment variables are stripped from the environment,
+so that the program does not even see the definitions.
+Some of these environment variables affect the operation of
+the dynamic linker itself, and are described below.
+Other environment variables treated in this way include:
+.BR GCONV_PATH ,
+.BR GETCONF_DIR ,
+.BR HOSTALIASES ,
+.BR LOCALDOMAIN ,
+.BR LOCPATH ,
+.BR MALLOC_TRACE ,
+.BR NIS_PATH ,
+.BR NLSPATH ,
+.BR RESOLV_HOST_CONF ,
+.BR RES_OPTIONS ,
+.BR TMPDIR ,
+and
+.BR TZDIR .
+.PP
A binary is executed in secure-execution mode if the
.B AT_SECURE
entry in the auxiliary vector (see
A binary is executed in secure-execution mode if the
.B AT_SECURE
entry in the auxiliary vector (see