LibC: Don't honor LIBC_* malloc debugging flags in AT_SECURE context

Just ignore all these environment flags if the AT_SECURE flag is set in
the program's auxiliary vector.

This prevents a user from tricking set-uid programs into dumping debug
information via environment flags.

Userland/Libraries/LibC/malloc.cpp

@@ -29,6 +29,7 @@
 #include <AK/LogStream.h>
 #include <AK/ScopedValueRollback.h>
 #include <AK/Vector.h>
+#include <LibELF/AuxiliaryVector.h>
 #include <LibThread/Lock.h>
 #include <assert.h>
 #include <mallocdefs.h>
@@ -430,13 +431,14 @@ void* realloc(void* ptr, size_t size)
 void __malloc_init()
 {
     new (&malloc_lock()) LibThread::Lock();
-    if (getenv("LIBC_NOSCRUB_MALLOC"))
+
+    if (secure_getenv("LIBC_NOSCRUB_MALLOC"))
         s_scrub_malloc = false;
-    if (getenv("LIBC_NOSCRUB_FREE"))
+    if (secure_getenv("LIBC_NOSCRUB_FREE"))
         s_scrub_free = false;
-    if (getenv("LIBC_LOG_MALLOC"))
+    if (secure_getenv("LIBC_LOG_MALLOC"))
         s_log_malloc = true;
-    if (getenv("LIBC_PROFILE_MALLOC"))
+    if (secure_getenv("LIBC_PROFILE_MALLOC"))
         s_profiling = true;
 
     for (size_t i = 0; i < num_size_classes; ++i) {

Userland/Libraries/LibC/stdlib.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018-2020, Andreas Kling <kling@serenityos.org>
+ * Copyright (c) 2018-2021, Andreas Kling <kling@serenityos.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -31,6 +31,7 @@
 #include <AK/Types.h>
 #include <AK/Utf8View.h>
 #include <Kernel/API/Syscall.h>
+#include <LibELF/AuxiliaryVector.h>
 #include <alloca.h>
 #include <assert.h>
 #include <ctype.h>
@@ -195,11 +196,27 @@ inline int generate_unique_filename(char* pattern, Callback callback)
 
 extern "C" {
 
+long getauxval(long type)
+{
+    errno = 0;
+    char** env;
+    for (env = environ; *env; ++env) {
+    }
+
+    auxv_t* auxvp = (auxv_t*)++env;
+    for (; auxvp->a_type != AT_NULL; ++auxvp) {
+        if (auxvp->a_type == type)
+            return auxvp->a_un.a_val;
+    }
+    errno = ENOENT;
+    return 0;
+}
+
 void exit(int status)
 {
     __cxa_finalize(nullptr);
 
-    if (getenv("LIBC_DUMP_MALLOC_STATS"))
+    if (secure_getenv("LIBC_DUMP_MALLOC_STATS"))
         serenity_dump_malloc_stats();
 
     extern void _fini();
@@ -256,6 +273,13 @@ char* getenv(const char* name)
     return nullptr;
 }
 
+char* secure_getenv(const char* name)
+{
+    if (getauxval(AT_SECURE))
+        return nullptr;
+    return getenv(name);
+}
+
 int unsetenv(const char* name)
 {
     auto new_var_len = strlen(name);

Userland/Libraries/LibC/stdlib.h

@@ -45,6 +45,7 @@ void serenity_dump_malloc_stats(void);
 void free(void*);
 __attribute__((alloc_size(2))) void* realloc(void* ptr, size_t);
 char* getenv(const char* name);
+char* secure_getenv(const char* name);
 int putenv(char*);
 int unsetenv(const char*);
 int clearenv(void);
@@ -106,4 +107,6 @@ int posix_openpt(int flags);
 int grantpt(int fd);
 int unlockpt(int fd);
 
+long getauxval(long type);
+
 __END_DECLS