Cleanup ANDROID_DNS_MODE and BIONIC_DNSCACHE
For security reasons, when a binary is executed which causes a security transition (eg, a setuid binary, setgid binary, filesystem capabilities, or SELinux domain transition), the AT_SECURE flag is set. This causes certain blacklisted environment variables to be stripped before the process is executed. The list of blacklisted environment variables is stored in UNSAFE_VARIABLE_NAMES. Generally speaking, most environment variables used internally by libc show up in this list.

Add ANDROID_DNS_MODE to the list of unsafe variables. Similar to RESOLV_HOST_CONF and RES_OPTIONS (which are already blacklisted), this variable controls how name resolution requests are handled. Allowing ANDROID_DNS_MODE to be set across a security boundary could induce resolution failures or otherwise impact name resolution.

Remove BIONIC_DNSCACHE. This does not appear to be used, and setting this variable across a security boundary could cause name resolution problems.

Test: Android compiles and runs with no obvious problems.
Change-Id: I835a7b42d6afbc9c67866594c7951cfd9b355d81
parent 5d8b8310aa
commit 62c03a4ff4
|
@ -244,6 +244,7 @@ static bool __is_unsafe_environment_variable(const char* name) {
|
|||
// of executing a setuid program or the result of an SELinux
|
||||
// security transition.
|
||||
static constexpr const char* UNSAFE_VARIABLE_NAMES[] = {
|
||||
"ANDROID_DNS_MODE",
|
||||
"GCONV_PATH",
|
||||
"GETCONF_DIR",
|
||||
"HOSTALIASES",
|
||||
|
|
|
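Review bot: The new "ANDROID_DNS_MODE" entry in UNSAFE_VARIABLE_NAMES is backed only by the commit's "compiles and runs" test line, which does not exercise the stripping path. Suggest adding a test that sets ANDROID_DNS_MODE, executes a binary that triggers AT_SECURE, and asserts the variable is absent in the child, so the entry cannot be dropped silently later. The placement ahead of "GCONV_PATH" keeps the visible entries in alphabetical order.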
@ -98,12 +98,6 @@
|
|||
* is too short to accomodate the cached result.
|
||||
*/
|
||||
|
||||
/* the name of an environment variable that will be checked the first time
|
||||
* this code is called if its value is "0", then the resolver cache is
|
||||
* disabled.
|
||||
*/
|
||||
#define CONFIG_ENV "BIONIC_DNSCACHE"
|
||||
|
||||
/* default number of entries kept in the cache. This value has been
|
||||
* determined by browsing through various sites and counting the number
|
||||
* of corresponding requests. Keep in mind that our framework is currently
|
||||
|
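Review bot: With the CONFIG_ENV define and its comment removed, this header no longer documents any run-time way to disable the resolver cache; if that loss is intended, the commit message should say so explicitly rather than only noting that the variable "does not appear to be used". Also confirm that no reference to CONFIG_ENV remains elsewhere in this file after the change. While this area is being touched, the context comment just above spells "accomodate" and could be corrected to "accommodate".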
@ -1812,13 +1806,6 @@ static void _res_cache_clear_stats_locked(struct resolv_cache_info* cache_info);
|
|||
static void
|
||||
_res_cache_init(void)
|
||||
{
|
||||
const char* env = getenv(CONFIG_ENV);
|
||||
|
||||
if (env && atoi(env) == 0) {
|
||||
/* the cache is disabled */
|
||||
return;
|
||||
}
|
||||
|
||||
memset(&_res_cache_list, 0, sizeof(_res_cache_list));
|
||||
pthread_mutex_init(&_res_cache_list_lock, NULL);
|
||||
}
|
||||
|
|
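Review bot: In _res_cache_init, the removed early return skipped both the memset of _res_cache_list and the pthread_mutex_init of _res_cache_list_lock, so this hunk is a behaviour change and not only the removal of an unused variable: both are now always initialised explicitly. The removed check "atoi(env) == 0" also matched any non-numeric value, not just the "0" that the removed comment described. Both points deserve a sentence in the commit message so the change in the init path is on record.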