Merge "libc_init_common.cpp: Clarify when environment stripping occurs"

2015-11-11 02:06:59 +00:00 · 2015-11-11 02:06:59 +00:00 · 6209b99a73
commit 6209b99a73
parent 2a7f1b335d 2fb02651c8
1 changed files with 5 additions and 1 deletions
--- a/libc/bionic/libc_init_common.cpp
+++ b/libc/bionic/libc_init_common.cpp
@ -245,7 +245,11 @@ static bool __is_valid_environment_variable(const char* name) {
 }

 static bool __is_unsafe_environment_variable(const char* name) {
-  // None of these should be allowed in setuid programs.
+  // None of these should be allowed when the AT_SECURE auxv
+  // flag is set. This flag is set to inform userspace that a
+  // security transition has occurred, for example, as a result
+  // of executing a setuid program or the result of an SELinux
+  // security transition.
  static constexpr const char* UNSAFE_VARIABLE_NAMES[] = {
    "GCONV_PATH",
    "GETCONF_DIR",