oss-sec mailing list archives
Re: libdbus hardening
From: Florian Weimer <fweimer () redhat com>
Date: Tue, 10 Jul 2012 15:58:46 +0200
On 07/10/2012 03:43 PM, Solar Designer wrote:
> On Tue, Jul 10, 2012 at 03:13:55PM +0200, Florian Weimer wrote:
>> Perhaps we can put a getenv_secure() into libc, which will perform all the appropriate checks (including future checks we do not know about yet)? Duplicating the code in many libraries does not seem prudent.
>
> We already have __secure_getenv() in glibc, which I think is what libraries like this should be using on systems with glibc.
Sebastian's patches also include a check on prctl(PR_GET_DUMPABLE). I'm not sure if the libc approach (compare effective and real UIDs/GIDs on process start and base process environment trust decisions on that) is equivalent.
-- Florian Weimer / Red Hat Product Security Team
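The two checks named in this message, side by side, as an added example (not code from glibc, libdbus or Sebastian's patches): a real/effective ID comparison and a prctl(PR_GET_DUMPABLE) test, each evaluated on a snapshot of process state so the cases where they disagree are visible. The struct, the function names and the variable name EXAMPLE_VAR are hypothetical; Linux only.

```c
#define _GNU_SOURCE
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <unistd.h>

/* Snapshot of the process attributes the two checks look at. */
struct proc_state {
    uid_t ruid, euid;
    gid_t rgid, egid;
    int dumpable;               /* value of prctl(PR_GET_DUMPABLE) */
};

/* ID comparison: real and effective UID/GID must be equal. */
static bool ids_match(const struct proc_state *s)
{
    return s->ruid == s->euid && s->rgid == s->egid;
}

/* Stricter variant: IDs must match AND the dumpable flag must be 1.
 * Any other value (0, 2, or -1 on error) is treated as untrusted. */
static bool env_trusted(const struct proc_state *s)
{
    return ids_match(s) && s->dumpable == 1;
}

/* Read the current process state from the kernel. */
static struct proc_state current_state(void)
{
    struct proc_state s = { getuid(), geteuid(), getgid(), getegid(),
                            prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) };
    return s;
}

/* Hypothetical wrapper: hide the environment when the process is untrusted. */
static const char *getenv_checked(const char *name)
{
    struct proc_state s = current_state();
    return env_trusted(&s) ? getenv(name) : NULL;
}

int main(void)
{
    struct proc_state s = current_state();
    const char *v = getenv_checked("EXAMPLE_VAR");  /* constructed name */
    printf("ids_match=%d dumpable=%d trusted=%d value=%s\n",
           ids_match(&s), s.dumpable, env_trusted(&s), v ? v : "(hidden or unset)");
    return 0;
}
```

This version samples the IDs at call time; the libc approach described above takes its decision at process start.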