From db43dfdfa8bc2b938582aef3d87e43594c13ee50 Mon Sep 17 00:00:00 2001
From: CoprDistGit
Date: Wed, 9 Oct 2024 03:36:26 +0000
Subject: automatic import of glibc
---
 ...opagate-GLIBC_TUNABLES-in-setxid-binaries.patch | 32 ++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 0003-Propagate-GLIBC_TUNABLES-in-setxid-binaries.patch
(limited to '0003-Propagate-GLIBC_TUNABLES-in-setxid-binaries.patch')
diff --git a/0003-Propagate-GLIBC_TUNABLES-in-setxid-binaries.patch b/0003-Propagate-GLIBC_TUNABLES-in-setxid-binaries.patch
new file mode 100644
index 0000000..0508bef
--- /dev/null
+++ b/0003-Propagate-GLIBC_TUNABLES-in-setxid-binaries.patch
@@ -0,0 +1,32 @@
+From 73e3fcd1a552783e66ff1f65c5f322e2f17a81d1 Mon Sep 17 00:00:00 2001
+From: Siddhesh Poyarekar
+Date: Tue, 19 Sep 2023 13:25:40 -0400
+Subject: [PATCH 3/4] Propagate GLIBC_TUNABLES in setxid binaries
+
+GLIBC_TUNABLES scrubbing happens earlier than envvar scrubbing and some
+tunables are required to propagate past setxid boundary, like their
+env_alias. Rely on tunable scrubbing to clean out GLIBC_TUNABLES like
+before, restoring behaviour in glibc 2.37 and earlier.
+
+Signed-off-by: Siddhesh Poyarekar
+Reviewed-by: Carlos O'Donell
+(cherry picked from commit 0d5f9ea97f1b39f2a855756078771673a68497e1)
+---
+ sysdeps/generic/unsecvars.h | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h
+index 81397fb90b..8278c50a84 100644
+--- a/sysdeps/generic/unsecvars.h
++++ b/sysdeps/generic/unsecvars.h
+@@ -4,7 +4,6 @@
+ #define UNSECURE_ENVVARS \
+ "GCONV_PATH\0" \
+ "GETCONF_DIR\0" \
+- "GLIBC_TUNABLES\0" \
+ "HOSTALIASES\0" \
+ "LD_AUDIT\0" \
+ "LD_DEBUG\0" \
+--
+2.33.0
+
-- cgit v1.2.3
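Review bot: With `"GLIBC_TUNABLES\0"` dropped from `UNSECURE_ENVVARS` in sysdeps/generic/unsecvars.h, nothing in the header records that the omission is deliberate, so someone auditing what is stripped for setxid programs could read it as an oversight or re-add it. The commit message says cleaning is left to the tunables scrubbing that runs earlier, which makes that code the only control on this variable in secure mode; the header should state this, e.g. `/* GLIBC_TUNABLES is intentionally not listed: it is filtered by the tunables code, which runs before this list is applied. */` above the macro. The macro body continues outside the hunk and the scrubbing code is not visible here, so it should be confirmed in the tree that a test covers a setxid process being handed a tunable that must not cross the boundary.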