oss-sec mailing list archives
Re: libdbus hardening
From: Ludwig Nussel <ludwig.nussel () suse de>
Date: Mon, 30 Jul 2012 10:59:59 +0200
Florian Weimer wrote:
On 07/17/2012 12:08 PM, Florian Weimer wrote:Note that GNU libc will likely change the name to secure_getenv. Upstream does not want to document __secure_getenv as-is.This will be part of glibc 2.17. autoconf instructions are available here: <http://sourceware.org/glibc/wiki/Tips_and_Tricks/secure_getenv>
Now the next step would be to make glibc automatically use secure_getenv when running setuid root and require programs to explicitly call insecure_getenv() or something like that :-) cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
Current thread:
- Re: libdbus hardening, (continued)
- Re: libdbus hardening Florian Weimer (Jul 11)
- Re: libdbus hardening Tomas Hoger (Sep 13)
- Re: libdbus hardening Simon McVittie (Jul 10)
- Re: libdbus hardening Sebastian Krahmer (Jul 11)
- Re: libdbus hardening Solar Designer (Jul 11)
- Re: libdbus hardening yersinia (Jul 11)
- Re: libdbus hardening Solar Designer (Jul 17)
- Re: libdbus hardening Florian Weimer (Jul 17)
- Re: libdbus hardening Florian Weimer (Jul 25)
- Re: libdbus hardening yersinia (Jul 26)
- Re: libdbus hardening Ludwig Nussel (Jul 30)
- Re: libdbus hardening Florian Weimer (Jul 30)
- Re: libdbus hardening Ludwig Nussel (Jul 30)
- Re: libdbus hardening Sebastian Krahmer (Jul 11)
- Re: libdbus hardening Ludwig Nussel (Jul 30)