Gitiles
Code Review Sign In
gerrit.omnirom.org / android_bionic / 62c03a4ff4c4a80a4bf7cea72c12e613e26924c6^! / .
commit62c03a4ff4c4a80a4bf7cea72c12e613e26924c6[log] [tgz]
authorNick Kralevich <nnk@google.com>Sat Apr 01 09:54:19 2017 -0700
committerNick Kralevich <nnk@google.com>Mon Apr 03 08:44:38 2017 -0700
tree9baf6c3219450a88e379f44c7c499fd40a449f45
parent5d8b8310aaa43d7b8cb8809fdf805ba7f41df15e [diff]
Cleanup ANDROID_DNS_MODE and BIONIC_DNSCACHE

For security reasons, when a binary is executed which causes a security
transition (eg, a setuid binary, setgid binary, filesystem capabilities,
or SELinux domain transition), the AT_SECURE flag is set. This causes
certain blacklisted environment variables to be stripped before the
process is executed. The list of blacklisted environment variables is
stored in UNSAFE_VARIABLE_NAMES. Generally speaking, most environment
variables used internally by libc show up in this list.

Add ANDROID_DNS_MODE to the list of unsafe variables.
Similar to RESOLV_HOST_CONF and RES_OPTIONS (which are already
blacklisted), this variable controls how name resolution requests are
handled. Allowing ANDROID_DNS_MODE to be set across a security
boundary could induce resolution failures or otherwise impact
name resolution.

Remove BIONIC_DNSCACHE. This does not appear to be used, and setting
this variable across a security boundary could cause name resolution
problems.

Test: Android compiles and runs with no obvious problems.
Change-Id: I835a7b42d6afbc9c67866594c7951cfd9b355d81

diff --git a/libc/bionic/libc_init_common.cpp b/libc/bionic/libc_init_common.cpp
index 9094fc5..970a49c 100644
--- a/libc/bionic/libc_init_common.cpp
+++ b/libc/bionic/libc_init_common.cpp

@@ -244,6 +244,7 @@
   // of executing a setuid program or the result of an SELinux
   // security transition.
   static constexpr const char* UNSAFE_VARIABLE_NAMES[] = {
+    "ANDROID_DNS_MODE",
     "GCONV_PATH",
     "GETCONF_DIR",
     "HOSTALIASES",

diff --git a/libc/dns/resolv/res_cache.c b/libc/dns/resolv/res_cache.c
index 8b3c76b..82e0ddf 100644
--- a/libc/dns/resolv/res_cache.c
+++ b/libc/dns/resolv/res_cache.c

@@ -98,12 +98,6 @@
  *     is too short to accomodate the cached result.
  */
 
-/* the name of an environment variable that will be checked the first time
- * this code is called if its value is "0", then the resolver cache is
- * disabled.
- */
-#define  CONFIG_ENV  "BIONIC_DNSCACHE"
-
 /* default number of entries kept in the cache. This value has been
  * determined by browsing through various sites and counting the number
  * of corresponding requests. Keep in mind that our framework is currently
@@ -1812,13 +1806,6 @@
 static void
 _res_cache_init(void)
 {
-    const char*  env = getenv(CONFIG_ENV);
-
-    if (env && atoi(env) == 0) {
-        /* the cache is disabled */
-        return;
-    }
-
     memset(&_res_cache_list, 0, sizeof(_res_cache_list));
     pthread_mutex_init(&_res_cache_list_lock, NULL);
 }