Propagate GLIBC_TUNABLES in setxid binaries

GLIBC_TUNABLES scrubbing happens earlier than envvar scrubbing and some
tunables are required to propagate past setxid boundary, like their
env_alias.  Rely on tunable scrubbing to clean out GLIBC_TUNABLES like
before, restoring behaviour in glibc 2.37 and earlier.

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>

diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h
index 81397fb..8278c50 100644 (file)
--- a/sysdeps/generic/unsecvars.h
+++ b/sysdeps/generic/unsecvars.h
@@ -4,7 +4,6 @@
 #define UNSECURE_ENVVARS \
   "GCONV_PATH\0"                                                             \
   "GETCONF_DIR\0"                                                            \
-  "GLIBC_TUNABLES\0"                                                         \
   "HOSTALIASES\0"                                                            \
   "LD_AUDIT\0"                                                               \
   "LD_DEBUG\0"                                                               \