git: 8e11e8fb782c - stable/13 - kern: add an option for preserving the early kenv

[Kyle Evans]

The branch stable/13 has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=8e11e8fb782cab5bbcde7a3f44f614c75f4b163d

commit 8e11e8fb782cab5bbcde7a3f44f614c75f4b163d
Author:     Kyle Evans <kevans at FreeBSD.org>
AuthorDate: 2021-06-20 19:29:31 +0000
Commit:     Kyle Evans <kevans at FreeBSD.org>
CommitDate: 2021-08-26 06:35:30 +0000

    kern: add an option for preserving the early kenv
    
    Some downstream configurations do not store secrets in the
    early (loader/static) environments and desire a way to preserve these
    for diagnostic reasons.  Provide an option to do so.
    
    (cherry picked from commit 7a129c973b5ba0fa916dfa658d523bec66dbd02d)
---
 sys/conf/options            | 8 ++++++++
 sys/kern/kern_environment.c | 4 ++++
 2 files changed, 12 insertions(+)

diff --git a/sys/conf/options b/sys/conf/options
index b6956193d841..121a23ed876c 100644
--- a/sys/conf/options
+++ b/sys/conf/options
@@ -1020,3 +1020,11 @@ IICHID_DEBUG	opt_hid.h
 IICHID_SAMPLING	opt_hid.h
 HKBD_DFLT_KEYMAP	opt_hkbd.h
 HIDRAW_MAKE_UHID_ALIAS	opt_hid.h
+
+# kenv options
+# The early kernel environment (loader environment, config(8)-provided static)
+# is typically cleared after the dynamic environment comes up to ensure that
+# we're not inadvertently holding on to 'secret' values in these stale envs.
+# This option is insecure except in controlled environments where the static
+# environment's contents are known to be safe.
+PRESERVE_EARLY_KENV	opt_global.h
diff --git a/sys/kern/kern_environment.c b/sys/kern/kern_environment.c
index 54992e6594ed..8dc345559e95 100644
--- a/sys/kern/kern_environment.c
+++ b/sys/kern/kern_environment.c
@@ -365,7 +365,11 @@ init_dynamic_kenv_from(char *init_env, int *curpos)
 			kenvp[i] = malloc(len, M_KENV, M_WAITOK);
 			strcpy(kenvp[i++], cp);
 sanitize:
+#ifdef PRESERVE_EARLY_KENV
+			continue;
+#else
 			explicit_bzero(cp, len - 1);
+#endif
 		}
 		*curpos = i;
 	}