Vulnerability Development mailing list archives

Re: more locale problems?


From: Olaf Kirch <okir () CALDERA DE>
Date: Fri, 24 Nov 2000 21:05:20 +0100

On Fri, Nov 24, 2000 at 08:17:07AM +1100, Andrew Griffiths wrote:
> I can't think of any suid program that clears these yet though.

The question is not necessarily whether the variables get cleared;
the question is whether they're evaluated. glibc has __getenv_secure()
calls all over the place, which ignores environment variables if the
process had effective != real privs at libc initialization.

So the simple fact that some potentially dangerous variable is still
there in your su shell doesn't mean that there's an exploit.

In fact, if you check the glibc source code (e.g. 2.1.1) you'll notice
that locale/{get,set}locale.c uses __secure_getenv("LOCPATH").

UTSL :-)

Cheers,
Olaf
--
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okir () monad swb de  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir () caldera de    +-------------------- Why Not?! -----------------------
         UNIX, n.: Spanish manufacturer of fire extinguishers.
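
A simplified model of the check described in the message above, added here as an illustration; it is not glibc's code. The names `creds_elevated`, `getenv_checked` and `locale_dir` and the default path are assumptions, and the ids are passed in so the setuid case can be shown without installing a setuid binary.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed compiled-in default; the real path depends on how libc was built. */
#define DEFAULT_LOCPATH "/usr/share/locale"

/* Ids sampled once at startup, as the message describes for libc init. */
struct creds { uid_t ruid, euid; gid_t rgid, egid; };

static struct creds creds_now(void)
{
    struct creds c = { getuid(), geteuid(), getgid(), getegid() };
    return c;
}

/* Non-zero when effective ids differ from real ids (setuid or setgid). */
static int creds_elevated(const struct creds *c)
{
    return c->ruid != c->euid || c->rgid != c->egid;
}

/* getenv() that treats the variable as unset for an elevated process. */
static const char *getenv_checked(const struct creds *c, const char *name)
{
    return creds_elevated(c) ? NULL : getenv(name);
}

/* Locale directory lookup: LOCPATH is honoured only when not elevated. */
static const char *locale_dir(const struct creds *c)
{
    const char *p = getenv_checked(c, "LOCPATH");
    return (p != NULL && *p != '\0') ? p : DEFAULT_LOCPATH;
}

int main(void)
{
    struct creds real = creds_now();
    struct creds suid = { 1000, 0, 1000, 1000 };  /* constructed: setuid-root */

    setenv("LOCPATH", "/tmp/untrusted", 1);       /* constructed sample value */
    printf("this process: %s\n", locale_dir(&real));
    printf("setuid model: %s\n", locale_dir(&suid));
    return 0;
}
```

The variable is still present in the environment in both cases; only the lookup result differs, which is the distinction the message draws between a variable being cleared and being evaluated.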

