RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 22:17:43 +00:00
Code Issues Activity Actions

LibC: Don't honor LIBC_* malloc debugging flags in AT_SECURE context

Browse source 
Just ignore all these environment flags if the AT_SECURE flag is set in
the program's auxiliary vector.

This prevents a user from tricking set-uid programs into dumping debug
information via environment flags.
This commit is contained in:
Andreas Kling 2021-01-31 14:31:13 +01:00
parent 9984201634
commit fc4eae87f8
3 changed files with 35 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

3
Userland/Libraries/LibC/stdlib.h
View file

@ -45,6 +45,7 @@ void serenity_dump_malloc_stats(void);
void free(void*);
__attribute__((alloc_size(2))) void* realloc(void* ptr, size_t);
char* getenv(const char* name);
char* secure_getenv(const char* name);
int putenv(char*);
int unsetenv(const char*);
int clearenv(void);
@ -106,4 +107,6 @@ int posix_openpt(int flags);
int grantpt(int fd);
int unlockpt(int fd);
long getauxval(long type);
__END_DECLS