author | Christopher Ferris <cferris@google.com> | 2020-05-27 03:31:58 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-05-27 03:31:58 +0000 |
commit | 0a050b19596a04133a3766feabe4b6f3e2b2c716 (patch) | |
tree | 912ae95b942df310f52785310ad0e6b4c8005dfb | |
parent | c9ecba8d4a9f33f11e676d60db9e1262deb352db (diff) | |
parent | 2082446f8ac69d06ea56894523ef3bedab8d66c8 (diff) | |
Ignore SCUDO_OPTIONS across a security boundary. am: 2082446f8a
Change-Id: Id591dcdcb9b285010379f839ec125c9e61059227
-rw-r--r-- | libc/bionic/libc_init_common.cpp | 63 |
1 files changed, 32 insertions, 31 deletions
diff --git a/libc/bionic/libc_init_common.cpp b/libc/bionic/libc_init_common.cpp
index 12628f753..a82ca50b6 100644
--- a/libc/bionic/libc_init_common.cpp
+++ b/libc/bionic/libc_init_common.cpp
@@ -230,37 +230,38 @@ static bool __is_unsafe_environment_variable(const char* name) {
 // of executing a setuid program or the result of an SELinux
 // security transition.
 static constexpr const char* UNSAFE_VARIABLE_NAMES[] = {
- "ANDROID_DNS_MODE",
- "GCONV_PATH",
- "GETCONF_DIR",
- "HOSTALIASES",
- "JE_MALLOC_CONF",
- "LD_AOUT_LIBRARY_PATH",
- "LD_AOUT_PRELOAD",
- "LD_AUDIT",
- "LD_CONFIG_FILE",
- "LD_DEBUG",
- "LD_DEBUG_OUTPUT",
- "LD_DYNAMIC_WEAK",
- "LD_LIBRARY_PATH",
- "LD_ORIGIN_PATH",
- "LD_PRELOAD",
- "LD_PROFILE",
- "LD_SHOW_AUXV",
- "LD_USE_LOAD_BIAS",
- "LIBC_DEBUG_MALLOC_OPTIONS",
- "LIBC_HOOKS_ENABLE",
- "LOCALDOMAIN",
- "LOCPATH",
- "MALLOC_CHECK_",
- "MALLOC_CONF",
- "MALLOC_TRACE",
- "NIS_PATH",
- "NLSPATH",
- "RESOLV_HOST_CONF",
- "RES_OPTIONS",
- "TMPDIR",
- "TZDIR",
+ "ANDROID_DNS_MODE",
+ "GCONV_PATH",
+ "GETCONF_DIR",
+ "HOSTALIASES",
+ "JE_MALLOC_CONF",
+ "LD_AOUT_LIBRARY_PATH",
+ "LD_AOUT_PRELOAD",
+ "LD_AUDIT",
+ "LD_CONFIG_FILE",
+ "LD_DEBUG",
+ "LD_DEBUG_OUTPUT",
+ "LD_DYNAMIC_WEAK",
+ "LD_LIBRARY_PATH",
+ "LD_ORIGIN_PATH",
+ "LD_PRELOAD",
+ "LD_PROFILE",
+ "LD_SHOW_AUXV",
+ "LD_USE_LOAD_BIAS",
+ "LIBC_DEBUG_MALLOC_OPTIONS",
+ "LIBC_HOOKS_ENABLE",
+ "LOCALDOMAIN",
+ "LOCPATH",
+ "MALLOC_CHECK_",
+ "MALLOC_CONF",
+ "MALLOC_TRACE",
+ "NIS_PATH",
+ "NLSPATH",
+ "RESOLV_HOST_CONF",
+ "RES_OPTIONS",
+ "SCUDO_OPTIONS",
+ "TMPDIR",
+ "TZDIR",
 };
 for (const auto& unsafe_variable_name : UNSAFE_VARIABLE_NAMES) {
 if (env_match(name, unsafe_variable_name) != nullptr) { |
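Review bot: The only behavioural change in this hunk, the added `"SCUDO_OPTIONS",` entry, carries no comment and sits inside what appears to be a whitespace-only rewrite of the other 31 entries of `UNSAFE_VARIABLE_NAMES`, so the security-relevant line is easy to miss in blame and in review. I would add a line above the array such as `// Allocator option variables (JE_MALLOC_CONF, MALLOC_CONF, SCUDO_OPTIONS) are listed because they let the caller reconfigure the heap of the more privileged process.` and, if possible, land the re-indent as a separate change. The diffstat shows a single file changed, so nothing in this commit tests the new entry; a test asserting that `SCUDO_OPTIONS` is not honoured after a setuid or SELinux transition would guard against the entry being dropped in a later edit of the list. `__is_unsafe_environment_variable` starts and ends outside the hunk.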