oss-sec mailing list archives
Re: xscreensaver package caps gets raw socket
From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Sun, 18 Apr 2021 10:29:56 -0700
On 4/17/21 5:51 PM, Érico Nogueira wrote:
Using `secure_getenv` in some of these cases would probably work as well as checking `getauxval(AT_SECURE)`, especially because it seems (from my quick search over at <https://man.bsd.lv>) that both are Linux specific anyway.
Solaris also has secure_getenv since the 11.3.10 release. It uses the issetugid() call that's been available since Solaris 9 (2002) and which is also available in FreeBSD & OpenBSD: https://man.openbsd.org/issetugid.2 https://www.freebsd.org/cgi/man.cgi?query=issetugid&sektion=2 https://docs.oracle.com/cd/E88353_01/html/E37841/issetugid-2.html Though Nico Williams warns not all implementations work the same way: https://gist.github.com/nicowilliams/4daf74a3a0c86848d3cbd9d0cdb5e26e -- -Alan Coopersmith- alan.coopersmith () oracle com Oracle Solaris Engineering - https://blogs.oracle.com/alanc
Current thread:
- xscreensaver package caps gets raw socket Tavis Ormandy (Apr 17)
- Re: xscreensaver package caps gets raw socket Tavis Ormandy (Apr 17)
- Re: xscreensaver package caps gets raw socket Érico Nogueira (Apr 18)
- Re: xscreensaver package caps gets raw socket Solar Designer (Apr 18)
- Re: xscreensaver package caps gets raw socket Alan Coopersmith (Apr 18)
- Re: xscreensaver package caps gets raw socket Simon McVittie (Apr 18)
- Re: xscreensaver package caps gets raw socket David A. Wheeler (Apr 19)
- Re: xscreensaver package caps gets raw socket Ariadne Conill (Apr 19)
- Re: xscreensaver package caps gets raw socket David A. Wheeler (Apr 19)
- Re: xscreensaver package caps gets raw socket Ariadne Conill (Apr 19)
- Re: xscreensaver package caps gets raw socket Eli Schwartz (Apr 19)
- Re: xscreensaver package caps gets raw socket Stuart Henderson (Apr 19)
- Re: xscreensaver package caps gets raw socket David A. Wheeler (Apr 19)