Update.

2000-09-26  Thorsten Kukuk  <kukuk@suse.de>

	* nscd/dbg_log.c (dbg_log): Add missing format string.

	* catgets/catgets.c (catopen): Use getenv instead of __secure_getenv
	since we filter out the variable once.
	* iconv/gconv_conf.c (__gconv_get_path): Likewise.
	* locale/newlocale.c (__newlocale): Likewise.
	* locale/setlocale.c (setlocale): Likewise.
	* malloc/malloc.c (ptmalloc_init): Likewise.
	* resolv/res_hconf.c (_res_hconf_init): Likewise.
	* resolv/res_init.c (__res_vinit): Likewise.
	* time/tzfile.c (__tzfile_read): Likewise.
	* sysdeps/generic/unsecvars.h: New file.
	* elf/dl-support.c (non_dynamic_init): Use it here to remove variables.
	* elf/rtld.c (process_envvars): Likewise.
	* elf/Makefile (distribute): Add unsecvars.h.

1 files changed, 22 insertions, 0 deletions

diff --git a/elf/dl-support.c b/elf/dl-support.c
index 50b37e8166..75d7b1926a 100644
--- a/elf/dl-support.c
+++ b/elf/dl-support.c
@@ -27,6 +27,8 @@
 #include <ldsodefs.h>
 #include <dl-machine.h>
 #include <bits/libc-lock.h>
+#include <dl-librecon.h>
+#include <unsecvars.h>
 
 extern char *__progname;
 char **_dl_argv = &__progname;	/* This is checked for some error messages.  */
@@ -125,6 +127,26 @@ non_dynamic_init (void)
 
   _dl_dynamic_weak = *(getenv ("LD_DYNAMIC_WEAK") ?: "") == '\0';
 
+  if (__libc_enable_secure)
+    {
+      static const char *unsecure_envvars[] =
+      {
+	UNSECURE_ENVVARS,
+#ifdef EXTRA_UNSECURE_ENVVARS
+	EXTRA_UNSECURE_ENVVARS
+#endif
+      };
+      size_t cnt;
+
+      for (cnt = 0;
+	   cnt < sizeof (unsecure_envvars) / sizeof (unsecure_envvars[0]);
+	   ++cnt)
+	unsetenv (unsecure_envvars[cnt]);
+
+      if (__access ("/etc/suid-debug", F_OK) != 0)
+	unsetenv ("MALLOC_CHECK_");
+    }
+
 #ifdef DL_PLATFORM_INIT
   DL_PLATFORM_INIT;
 #endif