elf: Ignore loader debug env vars for setuid

Loader already ignores LD_DEBUG, LD_DEBUG_OUTPUT, and
LD_TRACE_LOADED_OBJECTS. Both LD_WARN and LD_VERBOSE are similar to
LD_DEBUG, in the sense they enable additional checks and debug
information, so it makes sense to disable them.

Also add both LD_VERBOSE and LD_WARN on filtered environment variables
for setuid binaries.

Checked on x86_64-linux-gnu.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

diff --git a/elf/rtld.c b/elf/rtld.c
index 19bedcd4a6284591e94acbe45184981d34ff87a1..55cdb4836e7536a2fe40a9779c6e90c04aa00be8 100644 (file)
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -2556,13 +2556,15 @@ process_envvars (struct dl_main_state *state)
        {
        case 4:
          /* Warning level, verbose or not.  */
-         if (memcmp (envline, "WARN", 4) == 0)
+         if (!__libc_enable_secure
+             && memcmp (envline, "WARN", 4) == 0)
            GLRO(dl_verbose) = envline[5] != '\0';
          break;
 
        case 5:
          /* Debugging of the dynamic linker?  */
-         if (memcmp (envline, "DEBUG", 5) == 0)
+         if (!__libc_enable_secure
+             && memcmp (envline, "DEBUG", 5) == 0)
            {
              process_dl_debug (state, &envline[6]);
              break;
@@ -2577,7 +2579,8 @@ process_envvars (struct dl_main_state *state)
 
        case 7:
          /* Print information about versions.  */
-         if (memcmp (envline, "VERBOSE", 7) == 0)
+         if (!__libc_enable_secure
+             && memcmp (envline, "VERBOSE", 7) == 0)
            {
              state->version_info = envline[8] != '\0';
              break;
@@ -2636,7 +2639,8 @@ process_envvars (struct dl_main_state *state)
            }
 
          /* Where to place the profiling data file.  */
-         if (memcmp (envline, "DEBUG_OUTPUT", 12) == 0)
+         if (!__libc_enable_secure
+             && memcmp (envline, "DEBUG_OUTPUT", 12) == 0)
            {
              debug_output = &envline[13];
              break;
@@ -2657,7 +2661,8 @@ process_envvars (struct dl_main_state *state)
 
        case 20:
          /* The mode of the dynamic linker can be set.  */
-         if (memcmp (envline, "TRACE_LOADED_OBJECTS", 20) == 0)
+         if (!__libc_enable_secure
+             && memcmp (envline, "TRACE_LOADED_OBJECTS", 20) == 0)
            {
              state->mode = rtld_mode_trace;
              state->mode_trace_program
@@ -2679,9 +2684,10 @@ process_envvars (struct dl_main_state *state)
        }
       while (*nextp != '\0');
 
-      GLRO(dl_debug_mask) = 0;
-
-      if (state->mode != rtld_mode_normal)
+      if (GLRO(dl_debug_mask) != 0
+         || GLRO(dl_verbose) != 0
+         || state->mode != rtld_mode_normal
+         || state->version_info)
        _exit (5);
     }
   /* If we have to run the dynamic linker in debugging mode and the

diff --git a/elf/tst-env-setuid.c b/elf/tst-env-setuid.c
index 76b8e1fb45a7468b287999735893948cd104e8b4..b1d64ac08517a73205f8dda168e1c41cb0aed955 100644 (file)
--- a/elf/tst-env-setuid.c
+++ b/elf/tst-env-setuid.c
@@ -59,6 +59,10 @@ static const struct envvar_t filtered_envvars[] =
   { "MALLOC_TRACE",            FILTERED_VALUE },
   { "MALLOC_TRIM_THRESHOLD_",  FILTERED_VALUE },
   { "RES_OPTIONS",             FILTERED_VALUE },
+  { "LD_DEBUG",                "all" },
+  { "LD_DEBUG_OUTPUT",         "/tmp/some-file" },
+  { "LD_WARN",                 FILTERED_VALUE },
+  { "LD_VERBOSE",              FILTERED_VALUE },
 };
 
 static const struct envvar_t unfiltered_envvars[] =

diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h
index f7ebed60e5cad1094ec426c4a13c671856b22b20..8975df4a14570f5c2c119e9a0608c480c2288a67 100644 (file)
--- a/sysdeps/generic/unsecvars.h
+++ b/sysdeps/generic/unsecvars.h
@@ -16,6 +16,8 @@
   "LD_PRELOAD\0"                                                             \
   "LD_PROFILE\0"                                                             \
   "LD_SHOW_AUXV\0"                                                           \
+  "LD_VERBOSE\0"                                                             \
+  "LD_WARN\0"                                                                \
   "LOCALDOMAIN\0"                                                            \
   "LOCPATH\0"                                                                \
   "MALLOC_ARENA_MAX\0"                                                       \