Filter ANDROID_PROPERTY_WORKSPACE

When executing a setuid executable, filter out ANDROID_PROPERTY_WORKSPACE
from the environment. Some applications implicitly trust the property
space and don't realize that it's passed by an environment variable
which can be modified by the caller.

Change-Id: I3e3a98941f0a1f249a2ff983ecbcfe1278aa9159

diff --git a/linker/linker_environ.cpp b/linker/linker_environ.cpp
index 8ae5a9d..16f017e 100644 (file)
--- a/linker/linker_environ.cpp
+++ b/linker/linker_environ.cpp
@@ -112,6 +112,7 @@ static bool __is_valid_environment_variable(const char* name) {
 static bool __is_unsafe_environment_variable(const char* name) {
   // None of these should be allowed in setuid programs.
   static const char* const UNSAFE_VARIABLE_NAMES[] = {
+      "ANDROID_PROPERTY_WORKSPACE",
       "GCONV_PATH",
       "GETCONF_DIR",
       "HOSTALIASES",