oss-sec mailing list archives
Re: libdbus hardening
From: Ludwig Nussel <ludwig.nussel () suse de>
Date: Mon, 30 Jul 2012 11:52:21 +0200
Florian Weimer wrote:
On 07/30/2012 10:59 AM, Ludwig Nussel wrote:Florian Weimer wrote:On 07/17/2012 12:08 PM, Florian Weimer wrote:Note that GNU libc will likely change the name to secure_getenv. Upstream does not want to document __secure_getenv as-is.This will be part of glibc 2.17. autoconf instructions are available here: <http://sourceware.org/glibc/wiki/Tips_and_Tricks/secure_getenv>Now the next step would be to make glibc automatically use secure_getenv when running setuid root and require programs to explicitly call insecure_getenv() or something like that :-)You're welcome to absorb the transition costs. 8-) I looked into this briefly, and the potentially insecure getenv calls are not in the majority, so we'd have to expect quite a bit of breakage, or at least add a configurable whitelist of variable names in a file in /etc.
Potential breakage would only occur in setuid programs that actually use getenv for valid purposes though. I wonder how many of those actually exist.
FWIW, I consider PAM and NSS (Name Service Switch) the major problem areas, too. Do you know if the APIs would allow confining plug-ins to subprocesses? Then we only have to solve the transparent child process problem.
No idea. I'd probably rather implement the setuid binary itself as client/server program and get rid of setuid in the first place instead of trying to play tricks in PAM though. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
Current thread:
- Re: libdbus hardening, (continued)
- Re: libdbus hardening Simon McVittie (Jul 10)
- Re: libdbus hardening Sebastian Krahmer (Jul 11)
- Re: libdbus hardening Solar Designer (Jul 11)
- Re: libdbus hardening yersinia (Jul 11)
- Re: libdbus hardening Solar Designer (Jul 17)
- Re: libdbus hardening Florian Weimer (Jul 17)
- Re: libdbus hardening Florian Weimer (Jul 25)
- Re: libdbus hardening yersinia (Jul 26)
- Re: libdbus hardening Ludwig Nussel (Jul 30)
- Re: libdbus hardening Florian Weimer (Jul 30)
- Re: libdbus hardening Ludwig Nussel (Jul 30)
- Re: libdbus hardening Sebastian Krahmer (Jul 11)
- Re: libdbus hardening Simon McVittie (Jul 10)
- Re: libdbus hardening Ludwig Nussel (Jul 30)