From 0e1ad2f01a17f27c399b03536b85a4b5a1b8baa0 Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Wed, 22 May 2019 21:38:36 +0200 Subject: [PATCH] ld.so.8: Note some further details of secure-execution mode Note some further details of the treatment of environment variables in secure execution mode. In particular (as noted by Matthias Hertel), note that ignored environment variables are also stripped from the environment. Furthermore, there are some other variables, not used by the dynamic linker itself, that are also treated in this way (see the glibc source file sysdeps/generic/unsecvars.h). Reported-by: Matthias Hertel Signed-off-by: Michael Kerrisk --- man8/ld.so.8 | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/man8/ld.so.8 b/man8/ld.so.8 index 7755361e8..834177058 100644 --- a/man8/ld.so.8 +++ b/man8/ld.so.8 @@ -218,10 +218,28 @@ Various environment variables influence the operation of the dynamic linker. .\" .SS Secure-execution mode For security reasons, -the effects of some environment variables are voided or modified if -the dynamic linker determines that the binary should be -run in secure-execution mode. -(For details, see the discussion of individual environment variables below.) +if the dynamic linker determines that a binary should be +run in secure-execution mode, +the effects of some environment variables are voided or modified, +and furthermore those environment variables are stripped from the environment, +so that the program does not even see the definitions. +Some of these environment variables affect the operation of +the dynamic linker itself, and are described below. +Other environment variables treated in this way include: +.BR GCONV_PATH , +.BR GETCONF_DIR , +.BR HOSTALIASES , +.BR LOCALDOMAIN , +.BR LOCPATH , +.BR MALLOC_TRACE , +.BR NIS_PATH , +.BR NLSPATH , +.BR RESOLV_HOST_CONF , +.BR RES_OPTIONS , +.BR TMPDIR , +and +.BR TZDIR . +.PP A binary is executed in secure-execution mode if the .B AT_SECURE entry in the auxiliary vector (see