The LD_HWCAP_MASK environment variable may alter the selection of
function variants for some architectures. For AT_SECURE process it
means that if an outdated routine has a bug that would otherwise not
affect newer platforms by default, LD_HWCAP_MASK will allow that bug
to be exploited.
To be on the safe side, ignore and disable LD_HWCAP_MASK for setuid
binaries.
[BZ #21209]
* elf/rtld.c (process_envvars): Ignore LD_HWCAP_MASK for
AT_SECURE processes.
* sysdeps/generic/unsecvars.h: Add LD_HWCAP_MASK.
(cherry picked from commit
1c1243b6fc33c029488add276e56570a07803bfd)
+2017-03-07 Siddhesh Poyarekar <siddhesh@sourceware.org>
+
+ [BZ #21209]
+ * elf/rtld.c (process_envvars): Ignore LD_HWCAP_MASK for
+ AT_SECURE processes.
+ * sysdeps/generic/unsecvars.h: Add LD_HWCAP_MASK.
+
2017-06-19 Florian Weimer <fweimer@redhat.com>
* elf/rtld.c (audit_list_string): New variable.
The following bugs are resolved with this release:
+ [21209] Ignore and remove LD_HWCAP_MASK for AT_SECURE programs
[21289] Fix symbol redirect for fts_set
[21386] Assertion in fork for distinct parent PID is incorrect
[21624] Unsafe alloca allows local attackers to alias stack and heap (CVE-2017-1000366)
case 10:
/* Mask for the important hardware capabilities. */
- if (memcmp (envline, "HWCAP_MASK", 10) == 0)
+ if (!__libc_enable_secure
+ && memcmp (envline, "HWCAP_MASK", 10) == 0)
GLRO(dl_hwcap_mask) = __strtoul_internal (&envline[11], NULL,
0, 0);
break;
"LD_DEBUG\0" \
"LD_DEBUG_OUTPUT\0" \
"LD_DYNAMIC_WEAK\0" \
+ "LD_HWCAP_MASK\0" \
"LD_LIBRARY_PATH\0" \
"LD_ORIGIN_PATH\0" \
"LD_PRELOAD\0" \
projects / thirdparty / glibc.git / commitdiff
