oss-sec mailing list archives

Re: libdbus hardening

From: yersinia <yersinia.spiros () gmail com>
Date: Wed, 11 Jul 2012 16:12:09 +0200

Dunno if OT.

But exists in other linux libc implementation similar more secure
alternatives to getenv ?

Thanks

2012/7/11, Solar Designer <solar () openwall com>:

On Wed, Jul 11, 2012 at 11:05:03AM +0200, Sebastian Krahmer wrote:

Ok. We are not in a hurry. I added the new patch to

https://bugzilla.novell.com/show_bug.cgi?id=697105

using __secure_getenv().


You could want to add a #warning after the #else (when __secure_getenv
is not detected by the configure script), although I'd prefer these
things to be fail-close (build failing if __secure_getenv is expected to
be present, but is not detected).  This is an issue with
security-related autoconf checks in general.

Alexander


-- 
Inviato dal mio dispositivo mobile

Current thread:

Re: libdbus hardening, (continued)
- - - Re: libdbus hardening yersinia (Jul 10)
    - Re: libdbus hardening Sebastian Krahmer (Jul 10)
    - Re: libdbus hardening Solar Designer (Jul 10)
    - Re: libdbus hardening Sebastian Krahmer (Jul 10)
    - Re: libdbus hardening Solar Designer (Jul 10)
    - Re: libdbus hardening Florian Weimer (Jul 11)
    - Re: libdbus hardening Tomas Hoger (Sep 13)
- Re: libdbus hardening Simon McVittie (Jul 10)
  - Re: libdbus hardening Sebastian Krahmer (Jul 11)
    - Re: libdbus hardening Solar Designer (Jul 11)
    - Re: libdbus hardening yersinia (Jul 11)
    - Re: libdbus hardening Solar Designer (Jul 17)
    - Re: libdbus hardening Florian Weimer (Jul 17)
    - Re: libdbus hardening Florian Weimer (Jul 25)
    - Re: libdbus hardening yersinia (Jul 26)
    - Re: libdbus hardening Ludwig Nussel (Jul 30)
    - Re: libdbus hardening Florian Weimer (Jul 30)
    - Re: libdbus hardening Ludwig Nussel (Jul 30)
- Re: libdbus hardening Simon McVittie (Jul 26)
  - Re: libdbus hardening Ludwig Nussel (Jul 30)