oss-sec mailing list archives
Re: libdbus hardening
From: Florian Weimer <fweimer () redhat com>
Date: Tue, 17 Jul 2012 12:08:04 +0200
On 07/17/2012 12:02 PM, Solar Designer wrote:
On Wed, Jul 11, 2012 at 04:12:09PM +0200, yersinia wrote:But exists in other linux libc implementation similar more secure alternatives to getenv ?I'm not aware of other Linux libc's having this, but I proposed __secure_getenv() (as well as OpenBSD'ish issetugid() or/and __libc_enable_secure) for addition to musl. (No, I did not write any code for this. I merely told Rich and heard back.) I may be biased, but I think that musl is the main alternative to glibc on Linux now.
Note that GNU libc will likely change the name to secure_getenv. Upstream does not want to document __secure_getenv as-is.
See the discussion here: http://sourceware.org/ml/libc-alpha/2012-07/msg00213.html -- Florian Weimer / Red Hat Product Security Team
Current thread:
- Re: libdbus hardening, (continued)
- Re: libdbus hardening Solar Designer (Jul 10)
- Re: libdbus hardening Sebastian Krahmer (Jul 10)
- Re: libdbus hardening Solar Designer (Jul 10)
- Re: libdbus hardening Florian Weimer (Jul 11)
- Re: libdbus hardening Tomas Hoger (Sep 13)
- Re: libdbus hardening Sebastian Krahmer (Jul 11)
- Re: libdbus hardening Solar Designer (Jul 11)
- Re: libdbus hardening yersinia (Jul 11)
- Re: libdbus hardening Solar Designer (Jul 17)
- Re: libdbus hardening Florian Weimer (Jul 17)
- Re: libdbus hardening Florian Weimer (Jul 25)
- Re: libdbus hardening yersinia (Jul 26)
- Re: libdbus hardening Ludwig Nussel (Jul 30)
- Re: libdbus hardening Florian Weimer (Jul 30)
- Re: libdbus hardening Ludwig Nussel (Jul 30)
- Re: libdbus hardening Ludwig Nussel (Jul 30)