ld.so.8: Note some further details of secure-execution mode

Note some further details of the treatment of environment
variables in secure execution mode. In particular (as noted by
Matthias Hertel), note that ignored environment variables are also
stripped from the environment. Furthermore, there are some other
variables, not used by the dynamic linker itself, that are also
treated in this way (see the glibc source file
sysdeps/generic/unsecvars.h).

Reported-by: Matthias Hertel <Matthias.Hertel@rohde-schwarz.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

diff --git a/man8/ld.so.8 b/man8/ld.so.8
index 7755361e8db6d25a530eaa2320d56d8ec1af3dc8..8341770585c88fa76fb3c5cd74ab7cb98f2825f3 100644 (file)
--- a/man8/ld.so.8
+++ b/man8/ld.so.8
@@ -218,10 +218,28 @@ Various environment variables influence the operation of the dynamic linker.
 .\"
 .SS Secure-execution mode
 For security reasons,
-the effects of some environment variables are voided or modified if
-the dynamic linker determines that the binary should be
-run in secure-execution mode.
-(For details, see the discussion of individual environment variables below.)
+if the dynamic linker determines that a binary should be
+run in secure-execution mode,
+the effects of some environment variables are voided or modified,
+and furthermore those environment variables are stripped from the environment,
+so that the program does not even see the definitions.
+Some of these environment variables affect the operation of
+the dynamic linker itself, and are described below.
+Other environment variables treated in this way include:
+.BR GCONV_PATH ,
+.BR GETCONF_DIR ,
+.BR HOSTALIASES ,
+.BR LOCALDOMAIN ,
+.BR LOCPATH ,
+.BR MALLOC_TRACE ,
+.BR NIS_PATH ,
+.BR NLSPATH ,
+.BR RESOLV_HOST_CONF ,
+.BR RES_OPTIONS ,
+.BR TMPDIR ,
+and
+.BR TZDIR .
+.PP
 A binary is executed in secure-execution mode if the
 .B AT_SECURE
 entry in the auxiliary vector (see