From 5242bcff202fa2a5a39895423c8d8c11c02ad76a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dag-Erling=20Sm=C3=B8rgrav?=
Date: Wed, 3 Dec 2025 11:09:31 +0100
Subject: [PATCH] rtld-elf: Mark LD_SHOW_AUXV insecure
This prevents dumping the memory layout of setugid processes.
MFC after: 3 days
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D54033
---
 libexec/rtld-elf/rtld.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libexec/rtld-elf/rtld.c b/libexec/rtld-elf/rtld.c
index bdfff7361e9..8ac89750887 100644
--- a/libexec/rtld-elf/rtld.c
+++ b/libexec/rtld-elf/rtld.c
@@ -395,7 +395,7 @@ static struct ld_env_var_desc ld_env_vars[] = {
 LD_ENV_DESC(TRACE_LOADED_OBJECTS_FMT1, false),
 LD_ENV_DESC(TRACE_LOADED_OBJECTS_FMT2, false),
 LD_ENV_DESC(TRACE_LOADED_OBJECTS_ALL, false),
- LD_ENV_DESC(SHOW_AUXV, false),
+ LD_ENV_DESC(SHOW_AUXV, true),
 LD_ENV_DESC(STATIC_TLS_EXTRA, false),
 LD_ENV_DESC(NO_DL_ITERATE_PHDR_AFTER_FORK, false),
 };
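Review bot: The bare `true` on the `LD_ENV_DESC(SHOW_AUXV, true)` line gives no reason why this entry differs from its `false` neighbours, so a later cleanup could flip it back without noticing the security intent. A trailing comment such as `/* dumps memory layout; must be ignored for setugid processes */` would keep the rationale from the commit message next to the flag. The diffstat shows only rtld.c changing, so if the rtld manual page lists which LD_ variables are ignored for set-user-ID and set-group-ID programs, it presumably needs a matching entry for LD_SHOW_AUXV. The `ld_env_vars` initializer begins before this hunk, so the meaning of the second macro argument is inferred from the subject line rather than seen here.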