Drop the GLIBC_TUNABLES environment variable from the environment of
setxid processes to avoid passing it on to non-setxid children. This
prevents potentially insecure tunables in the GLIBC_TUNABLES envvar
from crossing over into a child that may use a libc that has tunables
support.
* sysdeps/generic/unsecvars.h: Add GLIBC_TUNABLES.
+2017-04-06 Siddhesh Poyarekar <siddhesh@sourceware.org>
+
+ * sysdeps/generic/unsecvars.h: Add GLIBC_TUNABLES.
+
2017-04-06 Denis Kaganovich <mahatma@eu.by>
Magnus Granberg <zorry@gentoo.org>
Mike Frysinger <vapier@gentoo.org>
#define UNSECURE_ENVVARS \
"GCONV_PATH\0" \
"GETCONF_DIR\0" \
+ "GLIBC_TUNABLES\0" \
"HOSTALIASES\0" \
"LD_AUDIT\0" \
"LD_DEBUG\0" \
projects / thirdparty / glibc.git / commitdiff
