Provide safe execution environment for sanitizer-built code
The various sanitizers that LLVM offers would be useful to run in production. However, the sanitizer runtime reads user-controlled environment variables that control how the sanitizer behaves during a process's lifetime.
These environment variables add attack surface, especially in the context of setuid processes. For example, the Address Sanitizer (ASAN) reads an ASAN_OPTIONS environment variable. Setting this variable can change the behavior of ASAN, potentially weakening the security posture of the process.
We should harden the address sanitizer runtime to skip processing environment variables by default. A src.conf(5) knob should be created to restore the old behavior.
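As an added illustration of the default-deny behavior proposed above (example code, not from this issue or from the LLVM sanitizer runtime), the helper below returns sanitizer options from the environment only when a build-time knob opts in, and even then refuses them in set-id processes. The SANITIZER_TRUST_ENV macro, the function names and the use of issetugid(3)/AT_SECURE are assumptions for the example.

```c
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef __FreeBSD__
/* issetugid(2) is declared in <unistd.h> on FreeBSD */
#else
#include <sys/auxv.h> /* getauxval(AT_SECURE) on glibc/musl */
#endif

/* Hypothetical build-time knob standing in for the proposed src.conf(5)
 * option: 0 = hardened default (skip the environment), 1 = legacy behavior. */
#ifndef SANITIZER_TRUST_ENV
#define SANITIZER_TRUST_ENV 0
#endif

/* True when the process holds privileges its invoker did not have
 * (setuid/setgid, or other elevation the kernel flags as "secure"). */
static int running_secure(void) {
#ifdef __FreeBSD__
    return issetugid() != 0;
#else
    return getauxval(AT_SECURE) != 0;
#endif
}

/* Return the option string the sanitizer option parser should consume, or
 * NULL to fall back to compiled-in defaults. trust_env models the knob so
 * both code paths can be exercised from one binary. */
const char *sanitizer_env_options(const char *var, int trust_env) {
    if (!trust_env)          /* hardened default: never consult the environment */
        return NULL;
    if (running_secure())    /* legacy mode still ignores it in set-id processes */
        return NULL;
    const char *v = getenv(var);
    return (v != NULL && *v != '\0') ? v : NULL;
}

/* What an ASAN runtime built with the hardened default would see. */
const char *asan_options(void) {
    return sanitizer_env_options("ASAN_OPTIONS", SANITIZER_TRUST_ENV);
}
```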