From 24fb5ce5969716045eabc6bd216104c59c94917b Mon Sep 17 00:00:00 2001
From: "Andreas K. Hüttel"
Date: Wed, 4 Oct 2023 21:12:39 +0200
Subject: Add patch from altlinux that disables tunable parsing on setuid
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Andreas K. Hüttel
---
9999/0010-disable-tunables-in-AT_SECURE.patch | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
create mode 100644 9999/0010-disable-tunables-in-AT_SECURE.patch

diff --git a/9999/0010-disable-tunables-in-AT_SECURE.patch b/9999/0010-disable-tunables-in-AT_SECURE.patch
new file mode 100644
index 0000000..4307c89
--- /dev/null
+++ b/9999/0010-disable-tunables-in-AT_SECURE.patch
@@ -0,0 +1,27 @@
+From 5d1686416ab766f3dd0780ab730650c4c0f76ca9 Mon Sep 17 00:00:00 2001
+From: Gleb Fotengauer-Malinovskiy
+Date: Wed, 20 Sep 2023 05:00:00 +0000
+Subject: [PATCH] elf/dl-tunables.c: avoid processing of tunables in AT_SECURE executables
+
+Complements: owl-alt-sanitize-env
+---
+ elf/dl-tunables.c | 3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c
+index 62b7332..e5e9093 100644
+--- a/elf/dl-tunables.c
++++ b/elf/dl-tunables.c
+@@ -274,6 +274,9 @@ __tunables_init (char **envp)
+ size_t len = 0;
+ char **prev_envp = envp;
+
++ if (__glibc_unlikely (__libc_enable_secure))
++ return;
++
+ maybe_enable_malloc_check ();
+
+ while ((envp = get_next_env (envp, &envname, &len, &envval,
+--
+1.7.3.3
+
--
cgit v1.2.3-65-gdbad
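Review bot: The early return added at the top of `__tunables_init` exits before the `get_next_env` loop runs, so in an AT_SECURE process the tunables string is no longer parsed but is also left untouched in `envp`. Any filtering the loop did (its body is outside the hunk) is lost, and the variable would presumably be inherited as-is by child processes that are no longer AT_SECURE. The inner patch's `Complements: owl-alt-sanitize-env` line suggests the environment scrubbing is expected from a companion patch that this commit does not add, so confirm this patch set removes `GLIBC_TUNABLES` from the environment of setuid/setgid programs some other way. The return also precedes `maybe_enable_malloc_check ()`, so whatever that helper sets up is skipped in secure mode. If that is intended, record it next to the check, e.g. `/* Do not process any tunables, nor enable malloc checking, in AT_SECURE programs.  */`.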