Filter ANDROID_PROPERTY_WORKSPACE
When executing a setuid executable, filter out ANDROID_PROPERTY_WORKSPACE
from the environment. Some applications implicitly trust the property
space and don't realize that it's passed by an environment variable
which can be modified by the caller.
Change-Id: I3e3a98941f0a1f249a2ff983ecbcfe1278aa9159
diff --git a/linker/linker_environ.cpp b/linker/linker_environ.cpp
index 8ae5a9d..16f017e 100644
--- a/linker/linker_environ.cpp
+++ b/linker/linker_environ.cpp
@@ -112,6 +112,7 @@
static bool __is_unsafe_environment_variable(const char* name) {
// None of these should be allowed in setuid programs.
static const char* const UNSAFE_VARIABLE_NAMES[] = {
+ "ANDROID_PROPERTY_WORKSPACE",
"GCONV_PATH",
"GETCONF_DIR",
"HOSTALIASES",
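Review bot: The new "ANDROID_PROPERTY_WORKSPACE" entry at the top of UNSAFE_VARIABLE_NAMES carries no comment explaining why it is unsafe. The existing comment only says "None of these should be allowed in setuid programs." The reason is given only in the commit message: the property space is passed through an environment variable that the caller can modify, and some applications implicitly trust it. Consider a one-line comment beside the entry stating that, so the rationale survives in the source. The commit message also does not say how property lookups behave in a setuid process once the variable has been filtered out. It would help to state the expected behaviour there or cover it with a test.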