diff options
| author | Nick Kralevich <nnk@google.com> | 2017-04-01 09:54:19 -0700 |
|---|---|---|
| committer | Nick Kralevich <nnk@google.com> | 2017-04-03 08:44:38 -0700 |
| commit | 62c03a4ff4c4a80a4bf7cea72c12e613e26924c6 (patch) | |
| tree | 9baf6c3219450a88e379f44c7c499fd40a449f45 /libc/malloc_debug/malloc_debug.cpp | |
| parent | 5d8b8310aaa43d7b8cb8809fdf805ba7f41df15e (diff) | |
Cleanup ANDROID_DNS_MODE and BIONIC_DNSCACHE
For security reasons, when a binary is executed which causes a security
transition (eg, a setuid binary, setgid binary, filesystem capabilities,
or SELinux domain transition), the AT_SECURE flag is set. This causes
certain blacklisted environment variables to be stripped before the
process is executed. The list of blacklisted environment variables is
stored in UNSAFE_VARIABLE_NAMES. Generally speaking, most environment
variables used internally by libc show up in this list.
Add ANDROID_DNS_MODE to the list of unsafe variables.
Similar to RESOLV_HOST_CONF and RES_OPTIONS (which are already
blacklisted), this variable controls how name resolution requests are
handled. Allowing ANDROID_DNS_MODE to be set across a security
boundary could induce resolution failures or otherwise impact
name resolution.
Remove BIONIC_DNSCACHE. This does not appear to be used, and setting
this variable across a security boundary could cause name resolution
problems.
Test: Android compiles and runs with no obvious problems.
Change-Id: I835a7b42d6afbc9c67866594c7951cfd9b355d81
Diffstat (limited to 'libc/malloc_debug/malloc_debug.cpp')
0 files changed, 0 insertions, 0 deletions