Bug#1053470: ld.so: ignore tunables in secure mode

[Michael Hudson-Doyle <michael.hudson@canonical.com>]

I think that is the sort of conclusion upstream is coming to in https://inbox.sourceware.org/libc-alpha/20231003201151.1406279-1-siddhesh@sourceware.org/T/#e9123bc53d892ab6552e05109ce939d531d741092 too. In any case, the upstream bug tracker / mailing list is probably the place to start with this.

On Thu, 5 Oct 2023 at 07:00, Christian Göttsche <cgzones@googlemail.com> wrote:

Package: glibc
Version: 2.37-12

In the light of the recent privilege escalation vulnerability I'd like
to suggest disabling the support for tunables in secure mode (most
notably for setuid-binaries).
This would mitigate future regressions in the handling of the
environment variable and possible vulnerabilities caused by the
interaction of particular options with security relevant applications.

The support could either be disabled at compile time[1] or at runtime
via a file existence check (either by reusing `/etc/suid-debug` or a
new one like `/etc/suid-tunables`).


[1]: https://git.altlinux.org/gears/g/glibc.git?p=glibc.git;a=commitdiff;h=5d1686416ab766f3dd0780ab730650c4c0f76ca9