[gentoo-commits] proj/toolchain/glibc-patches:master commit in: 9999/

["Andreas K. Hüttel" <dilfridge@gentoo.org>]

commit:     24fb5ce5969716045eabc6bd216104c59c94917b
Author:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
AuthorDate: Wed Oct  4 19:12:39 2023 +0000
Commit:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
CommitDate: Wed Oct  4 19:12:39 2023 +0000
URL:        https://gitweb.gentoo.org/proj/toolchain/glibc-patches.git/commit/?id=24fb5ce5

Add patch from altlinux that disables tunable parsing on setuid

Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org>

 9999/0010-disable-tunables-in-AT_SECURE.patch | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/9999/0010-disable-tunables-in-AT_SECURE.patch b/9999/0010-disable-tunables-in-AT_SECURE.patch
new file mode 100644
index 0000000..4307c89
--- /dev/null
+++ b/9999/0010-disable-tunables-in-AT_SECURE.patch
@@ -0,0 +1,27 @@
+From 5d1686416ab766f3dd0780ab730650c4c0f76ca9 Mon Sep 17 00:00:00 2001
+From: Gleb Fotengauer-Malinovskiy <glebfm@altlinux.org>
+Date: Wed, 20 Sep 2023 05:00:00 +0000
+Subject: [PATCH] elf/dl-tunables.c: avoid processing of tunables in AT_SECURE executables
+
+Complements: owl-alt-sanitize-env
+---
+ elf/dl-tunables.c |    3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c
+index 62b7332..e5e9093 100644
+--- a/elf/dl-tunables.c
++++ b/elf/dl-tunables.c
+@@ -274,6 +274,9 @@ __tunables_init (char **envp)
+   size_t len = 0;
+   char **prev_envp = envp;
+ 
++  if (__glibc_unlikely (__libc_enable_secure))
++    return;
++
+   maybe_enable_malloc_check ();
+ 
+   while ((envp = get_next_env (envp, &envname, &len, &envval,
+-- 
+1.7.3.3
+