git.ipfire.org Git - thirdparty/glibc.git/commit

Ignore and remove LD_HWCAP_MASK for AT_SECURE programs (bug #21209)

The LD_HWCAP_MASK environment variable may alter the selection of
function variants for some architectures. For AT_SECURE process it
means that if an outdated routine has a bug that would otherwise not
affect newer platforms by default, LD_HWCAP_MASK will allow that bug
to be exploited.

To be on the safe side, ignore and disable LD_HWCAP_MASK for setuid
binaries.

[BZ #21209]
* elf/rtld.c (process_envvars): Ignore LD_HWCAP_MASK for
AT_SECURE processes.
* sysdeps/generic/unsecvars.h: Add LD_HWCAP_MASK.

(cherry picked from commit 1c1243b6fc33c029488add276e56570a07803bfd)

author	Siddhesh Poyarekar <siddhesh@sourceware.org>
	Tue, 7 Mar 2017 15:22:04 +0000 (20:52 +0530)
committer	Adhemerval Zanella <adhemerval.zanella@linaro.org>
	Thu, 13 Jul 2017 14:36:20 +0000 (11:36 -0300)
commit	ceeb0740ed04c48170f9f6f15fef55637ad84e1b
tree	2adf4d58544aa760f7fe33a82dd1c3c6c32a0db8	tree
parent	24adabbe17d24b9cf4f42d81f546359f72515ce3	commit \| diff

ChangeLog		diff \| blob \| blame \| history
NEWS		diff \| blob \| blame \| history
elf/rtld.c		diff \| blob \| blame \| history
sysdeps/generic/unsecvars.h		diff \| blob \| blame \| history