Merge "libc_init_common.cpp: Clarify when environment stripping occurs"

commit: 6209b99a7351ed732ab25bb2ffa75465366b244f [log] [tgz]
author: Nick Kralevich <nnk@google.com> Wed Nov 11 02:06:59 2015 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Wed Nov 11 02:06:59 2015 +0000
tree: 694ada2a51dd010fc14ca2ca055cb0b04ff51f1e
parent: 2a7f1b335dcd08a480c4acc948ba202bae1a0a1f [diff]
parent: 2fb02651c894866c220bd64cbcd5fbd14e086b85 [diff]
diff --git a/libc/bionic/libc_init_common.cpp b/libc/bionic/libc_init_common.cpp
index 4995414..a683748 100644
--- a/libc/bionic/libc_init_common.cpp
+++ b/libc/bionic/libc_init_common.cpp

@@ -245,7 +245,11 @@
 }
 
 static bool __is_unsafe_environment_variable(const char* name) {
-  // None of these should be allowed in setuid programs.
+  // None of these should be allowed when the AT_SECURE auxv
+  // flag is set. This flag is set to inform userspace that a
+  // security transition has occurred, for example, as a result
+  // of executing a setuid program or the result of an SELinux
+  // security transition.
   static constexpr const char* UNSAFE_VARIABLE_NAMES[] = {
     "GCONV_PATH",
     "GETCONF_DIR",
commit	6209b99a7351ed732ab25bb2ffa75465366b244f	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Wed Nov 11 02:06:59 2015 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Wed Nov 11 02:06:59 2015 +0000
tree	694ada2a51dd010fc14ca2ca055cb0b04ff51f1e
parent	2a7f1b335dcd08a480c4acc948ba202bae1a0a1f [diff]
parent	2fb02651c894866c220bd64cbcd5fbd14e086b85 [diff]