ld.so.8: Note some further details of secure-execution mode

Note some further details of the treatment of environment variables in secure execution mode. In particular (as noted by Matthias Hertel), note that ignored environment variables are also stripped from the environment. Furthermore, there are some other variables, not used by the dynamic linker itself, that are also treated in this way (see the glibc source file sysdeps/generic/unsecvars.h). Reported-by: Matthias Hertel <Matthias.Hertel@rohde-schwarz.com> Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-05-22 21:38:36 +02:00 · 2019-05-22 21:38:36 +02:00 · 0e1ad2f01a
parent f3da99c4ee
commit 0e1ad2f01a
1 changed files with 22 additions and 4 deletions
--- a/man8/ld.so.8
+++ b/man8/ld.so.8
@ -218,10 +218,28 @@ Various environment variables influence the operation of the dynamic linker.
 .\"
 .SS Secure-execution mode
 For security reasons,
-the effects of some environment variables are voided or modified if
-the dynamic linker determines that the binary should be
-run in secure-execution mode.
-(For details, see the discussion of individual environment variables below.)
+if the dynamic linker determines that a binary should be
+run in secure-execution mode,
+the effects of some environment variables are voided or modified,
+and furthermore those environment variables are stripped from the environment,
+so that the program does not even see the definitions.
+Some of these environment variables affect the operation of
+the dynamic linker itself, and are described below.
+Other environment variables treated in this way include:
+.BR GCONV_PATH ,
+.BR GETCONF_DIR ,
+.BR HOSTALIASES ,
+.BR LOCALDOMAIN ,
+.BR LOCPATH ,
+.BR MALLOC_TRACE ,
+.BR NIS_PATH ,
+.BR NLSPATH ,
+.BR RESOLV_HOST_CONF ,
+.BR RES_OPTIONS ,
+.BR TMPDIR ,
+and
+.BR TZDIR .
+.PP
 A binary is executed in secure-execution mode if the
 .B AT_SECURE
 entry in the auxiliary vector (see