commit:     24fb5ce5969716045eabc6bd216104c59c94917b
Author:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
AuthorDate: Wed Oct  4 19:12:39 2023 +0000
Commit:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
CommitDate: Wed Oct  4 19:12:39 2023 +0000
URL:        https://gitweb.gentoo.org/proj/toolchain/glibc-patches.git/commit/?id=24fb5ce5

Add patch from altlinux that disables tunable parsing on setuid

Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org>

 9999/0010-disable-tunables-in-AT_SECURE.patch | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/9999/0010-disable-tunables-in-AT_SECURE.patch 
b/9999/0010-disable-tunables-in-AT_SECURE.patch
new file mode 100644
index 0000000..4307c89
--- /dev/null
+++ b/9999/0010-disable-tunables-in-AT_SECURE.patch
@@ -0,0 +1,27 @@
+From 5d1686416ab766f3dd0780ab730650c4c0f76ca9 Mon Sep 17 00:00:00 2001
+From: Gleb Fotengauer-Malinovskiy <[email protected]>
+Date: Wed, 20 Sep 2023 05:00:00 +0000
+Subject: [PATCH] elf/dl-tunables.c: avoid processing of tunables in AT_SECURE 
executables
+
+Complements: owl-alt-sanitize-env
+---
+ elf/dl-tunables.c |    3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c
+index 62b7332..e5e9093 100644
+--- a/elf/dl-tunables.c
++++ b/elf/dl-tunables.c
+@@ -274,6 +274,9 @@ __tunables_init (char **envp)
+   size_t len = 0;
+   char **prev_envp = envp;
+ 
++  if (__glibc_unlikely (__libc_enable_secure))
++    return;
++
+   maybe_enable_malloc_check ();
+ 
+   while ((envp = get_next_env (envp, &envname, &len, &envval,
+-- 
+1.7.3.3
+
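Review bot: the early return in __tunables_init is placed above maybe_enable_malloc_check (), so when __libc_enable_secure is set that call is skipped along with the get_next_env loop, and nothing in the patch says whether skipping it is intended. A short comment above `if (__glibc_unlikely (__libc_enable_secure))` should state that tunables are ignored entirely for AT_SECURE processes and that, once the loop is bypassed, this function no longer does anything with the environment of such a process. The only rationale given is "Complements: owl-alt-sanitize-env", which is not part of this commit; please confirm that patch is carried in the 9999 set, or that the return is safe without it, and add a line on origin and upstream status to the patch header.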
