summaryrefslogtreecommitdiffstats
path: root/patches/source/glibc/glibc.3776f38f.diff
diff options
context:
space:
mode:
Diffstat (limited to 'patches/source/glibc/glibc.3776f38f.diff')
-rw-r--r--patches/source/glibc/glibc.3776f38f.diff52
1 files changed, 52 insertions, 0 deletions
diff --git a/patches/source/glibc/glibc.3776f38f.diff b/patches/source/glibc/glibc.3776f38f.diff
new file mode 100644
index 00000000..d2b787a4
--- /dev/null
+++ b/patches/source/glibc/glibc.3776f38f.diff
@@ -0,0 +1,52 @@
+From 3776f38fcd267c127ba5eb222e2c614c191744aa Mon Sep 17 00:00:00 2001
+From: Siddhesh Poyarekar <siddhesh@sourceware.org>
+Date: Tue, 20 Jun 2017 05:59:17 +0200
+Subject: [PATCH] Ignore and remove LD_HWCAP_MASK for AT_SECURE programs (bug
+ #21209)
+
+The LD_HWCAP_MASK environment variable may alter the selection of
+function variants for some architectures. For AT_SECURE process it
+means that if an outdated routine has a bug that would otherwise not
+affect newer platforms by default, LD_HWCAP_MASK will allow that bug
+to be exploited.
+
+To be on the safe side, ignore and disable LD_HWCAP_MASK for setuid
+binaries.
+
+ [BZ #21209]
+ * elf/rtld.c (process_envvars): Ignore LD_HWCAP_MASK for
+ AT_SECURE processes.
+ * sysdeps/generic/unsecvars.h: Add LD_HWCAP_MASK.
+
+(cherry picked from commit 1c1243b6fc33c029488add276e56570a07803bfd)
+
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 369724b..9362a21 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -2534,7 +2534,8 @@ process_envvars (enum mode *modep)
+
+ case 10:
+ /* Mask for the important hardware capabilities. */
+- if (memcmp (envline, "HWCAP_MASK", 10) == 0)
++ if (!__libc_enable_secure
++ && memcmp (envline, "HWCAP_MASK", 10) == 0)
+ GLRO(dl_hwcap_mask) = __strtoul_internal (&envline[11], NULL,
+ 0, 0);
+ break;
+diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h
+index a740837..5ea8a4a 100644
+--- a/sysdeps/generic/unsecvars.h
++++ b/sysdeps/generic/unsecvars.h
+@@ -16,6 +16,7 @@
+ "LD_DEBUG\0" \
+ "LD_DEBUG_OUTPUT\0" \
+ "LD_DYNAMIC_WEAK\0" \
++ "LD_HWCAP_MASK\0" \
+ "LD_LIBRARY_PATH\0" \
+ "LD_ORIGIN_PATH\0" \
+ "LD_PRELOAD\0" \
+--
+2.9.3
+
+