| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20130123162225.GA12058@thunk.org>
Date: Wed, 23 Jan 2013 11:22:25 -0500
From: Theodore Ts'o <tytso@....edu>
To: Florian Weimer <fw@...eb.enyo.de>
Cc: Ext4 Developers List <linux-ext4@...r.kernel.org>
Subject: Re: [PATCH 1/3] contrib: add safe_getenv() support to spd_readdir
On Wed, Jan 23, 2013 at 01:17:25PM +0100, Florian Weimer wrote:
>
> glibc 2.17 has secure_getenv, but not __secure_getenv. Unfortuantely,
> this was the only way to turn this into an official interface.
Thanks for pointing this out. I'm using Debian testing which is still
using glibc 2.13. The bigger issue is that it's not just
spd_readdir.c (which is in contrib and so it's not compiled from the
makefile), but we are using __secure_getenv() in libext2fs and other
libraries in e2fprogs.
Use of __secure_getenv() is protected with a configure.in test, so we
won't break when we compile under glibc 2.17, but we won't have the
full benefit of using secure_getenv(), either. We use a similar
safe_getenv() code which will skip the getenv if the process is
running setuid, or PR_GET_DUMPABLE returns 0, so hopefully that
prevents us against the worst of the security exposure, but as [1]
states, "such emulation is necessarily brittle".
[1] http://sourceware.org/glibc/wiki/Tips_and_Tricks/secure_getenv
Can someone send me a patch, please? Or I'll put it on my todo list....
- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists