aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristopher Ferris <cferris@google.com>2020-05-27 03:45:20 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>2020-05-27 03:45:20 +0000
commit989e4306953588a81c2dd7d6bfdc7bb2696e29bb (patch)
tree912ae95b942df310f52785310ad0e6b4c8005dfb
parentbfb72cc5fb72b387d522a2054f727e2fef99a107 (diff)
parent07de2f8f09cc33c511c91210a978d1f828211842 (diff)
downloadbionic-989e4306953588a81c2dd7d6bfdc7bb2696e29bb.tar.gz
Ignore SCUDO_OPTIONS across a security boundary. am: 2082446f8a am: 07de2f8f09
Change-Id: I4466a0b40bd70c8f6856b3382af86d2a4cfe7bfd
Diffstat
-rw-r--r--libc/bionic/libc_init_common.cpp63
1 files changed, 32 insertions, 31 deletions
diff --git a/libc/bionic/libc_init_common.cpp b/libc/bionic/libc_init_common.cpp
index 12628f753..a82ca50b6 100644
--- a/libc/bionic/libc_init_common.cpp
+++ b/libc/bionic/libc_init_common.cpp
@@ -230,37 +230,38 @@ static bool __is_unsafe_environment_variable(const char* name) {
// of executing a setuid program or the result of an SELinux
// security transition.
static constexpr const char* UNSAFE_VARIABLE_NAMES[] = {
- "ANDROID_DNS_MODE",
- "GCONV_PATH",
- "GETCONF_DIR",
- "HOSTALIASES",
- "JE_MALLOC_CONF",
- "LD_AOUT_LIBRARY_PATH",
- "LD_AOUT_PRELOAD",
- "LD_AUDIT",
- "LD_CONFIG_FILE",
- "LD_DEBUG",
- "LD_DEBUG_OUTPUT",
- "LD_DYNAMIC_WEAK",
- "LD_LIBRARY_PATH",
- "LD_ORIGIN_PATH",
- "LD_PRELOAD",
- "LD_PROFILE",
- "LD_SHOW_AUXV",
- "LD_USE_LOAD_BIAS",
- "LIBC_DEBUG_MALLOC_OPTIONS",
- "LIBC_HOOKS_ENABLE",
- "LOCALDOMAIN",
- "LOCPATH",
- "MALLOC_CHECK_",
- "MALLOC_CONF",
- "MALLOC_TRACE",
- "NIS_PATH",
- "NLSPATH",
- "RESOLV_HOST_CONF",
- "RES_OPTIONS",
- "TMPDIR",
- "TZDIR",
+ "ANDROID_DNS_MODE",
+ "GCONV_PATH",
+ "GETCONF_DIR",
+ "HOSTALIASES",
+ "JE_MALLOC_CONF",
+ "LD_AOUT_LIBRARY_PATH",
+ "LD_AOUT_PRELOAD",
+ "LD_AUDIT",
+ "LD_CONFIG_FILE",
+ "LD_DEBUG",
+ "LD_DEBUG_OUTPUT",
+ "LD_DYNAMIC_WEAK",
+ "LD_LIBRARY_PATH",
+ "LD_ORIGIN_PATH",
+ "LD_PRELOAD",
+ "LD_PROFILE",
+ "LD_SHOW_AUXV",
+ "LD_USE_LOAD_BIAS",
+ "LIBC_DEBUG_MALLOC_OPTIONS",
+ "LIBC_HOOKS_ENABLE",
+ "LOCALDOMAIN",
+ "LOCPATH",
+ "MALLOC_CHECK_",
+ "MALLOC_CONF",
+ "MALLOC_TRACE",
+ "NIS_PATH",
+ "NLSPATH",
+ "RESOLV_HOST_CONF",
+ "RES_OPTIONS",
+ "SCUDO_OPTIONS",
+ "TMPDIR",
+ "TZDIR",
};
for (const auto& unsafe_variable_name : UNSAFE_VARIABLE_NAMES) {
if (env_match(name, unsafe_variable_name) != nullptr) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-10 07:00:20 +0000