oss-sec mailing list archives
Re: libdbus hardening
From: Florian Weimer <fweimer () redhat com>
Date: Mon, 30 Jul 2012 11:11:44 +0200
On 07/30/2012 10:59 AM, Ludwig Nussel wrote:
Florian Weimer wrote:On 07/17/2012 12:08 PM, Florian Weimer wrote:Note that GNU libc will likely change the name to secure_getenv. Upstream does not want to document __secure_getenv as-is.This will be part of glibc 2.17. autoconf instructions are available here: <http://sourceware.org/glibc/wiki/Tips_and_Tricks/secure_getenv>Now the next step would be to make glibc automatically use secure_getenv when running setuid root and require programs to explicitly call insecure_getenv() or something like that :-)
You're welcome to absorb the transition costs. 8-) I looked into this briefly, and the potentially insecure getenv calls are not in the majority, so we'd have to expect quite a bit of breakage, or at least add a configurable whitelist of variable names in a file in /etc.
FWIW, I consider PAM and NSS (Name Service Switch) the major problem areas, too. Do you know if the APIs would allow confining plug-ins to subprocesses? Then we only have to solve the transparent child process problem.
-- Florian Weimer / Red Hat Product Security Team
Current thread:
- Re: libdbus hardening, (continued)
- Re: libdbus hardening Tomas Hoger (Sep 13)
- Re: libdbus hardening Simon McVittie (Jul 10)
- Re: libdbus hardening Sebastian Krahmer (Jul 11)
- Re: libdbus hardening Solar Designer (Jul 11)
- Re: libdbus hardening yersinia (Jul 11)
- Re: libdbus hardening Solar Designer (Jul 17)
- Re: libdbus hardening Florian Weimer (Jul 17)
- Re: libdbus hardening Florian Weimer (Jul 25)
- Re: libdbus hardening yersinia (Jul 26)
- Re: libdbus hardening Ludwig Nussel (Jul 30)
- Re: libdbus hardening Florian Weimer (Jul 30)
- Re: libdbus hardening Ludwig Nussel (Jul 30)
- Re: libdbus hardening Sebastian Krahmer (Jul 11)
- Re: libdbus hardening Ludwig Nussel (Jul 30)