generic-library/bionic
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Filter ANDROID_PROPERTY_WORKSPACE

Browse Source 
When executing a setuid executable, filter out ANDROID_PROPERTY_WORKSPACE
from the environment. Some applications implicitly trust the property
space and don't realize that it's passed by an environment variable
which can be modified by the caller.

Change-Id: I3e3a98941f0a1f249a2ff983ecbcfe1278aa9159
This commit is contained in:
Nick Kralevich 2013-01-15 16:02:03 -08:00
parent 791e26d959
commit a0f64756a4
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
linker/linker_environ.cpp
View File

@ -112,6 +112,7 @@ static bool __is_valid_environment_variable(const char* name) {
static bool __is_unsafe_environment_variable(const char* name) { static bool __is_unsafe_environment_variable(const char* name) {
// None of these should be allowed in setuid programs. // None of these should be allowed in setuid programs.
static const char* const UNSAFE_VARIABLE_NAMES[] = { static const char* const UNSAFE_VARIABLE_NAMES[] = {
"ANDROID_PROPERTY_WORKSPACE",
"GCONV_PATH", "GCONV_PATH",
"GETCONF_DIR", "GETCONF_DIR",
"HOSTALIASES", "HOSTALIASES",