oss-sec mailing list archives

Re: libdbus hardening


From: Florian Weimer <fweimer () redhat com>
Date: Tue, 17 Jul 2012 12:08:04 +0200

On 07/17/2012 12:02 PM, Solar Designer wrote:
> On Wed, Jul 11, 2012 at 04:12:09PM +0200, yersinia wrote:
>> But do similar, more secure alternatives to getenv exist in other
>> Linux libc implementations?
>
> I'm not aware of other Linux libc's having this, but I proposed
> __secure_getenv() (as well as OpenBSD'ish issetugid() or/and
> __libc_enable_secure) for addition to musl.  (No, I did not write any
> code for this.  I merely told Rich and heard back.)  I may be biased,
> but I think that musl is the main alternative to glibc on Linux now.

Note that GNU libc will likely change the name to secure_getenv. Upstream does not want to document __secure_getenv as-is.

See the discussion here:
http://sourceware.org/ml/libc-alpha/2012-07/msg00213.html

--
Florian Weimer / Red Hat Product Security Team
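
An added example, not part of the original message or of any project's code: a library-side wrapper that keeps working across the `__secure_getenv` to `secure_getenv` rename discussed above, with a fallback that applies the same rule (ignore the environment when the process runs privileged). It assumes Linux and that glibc 2.17 or later exports the new name; `lib_getenv`, `fallback_secure_getenv` and `running_privileged` are hypothetical names, and `DBUS_SESSION_BUS_ADDRESS` is used only as an illustrative variable.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* makes <stdlib.h> declare secure_getenv() on glibc */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/auxv.h> /* getauxval(), AT_SECURE (Linux) */

/* Pick whichever spelling this glibc exports; the prototypes are repeated
   so the build does not depend on feature-macro ordering. */
#if defined(__GLIBC__)
# if __GLIBC_PREREQ(2, 17)
char *secure_getenv(const char *name);
#  define LIBC_SECURE_GETENV secure_getenv
# else
char *__secure_getenv(const char *name);
#  define LIBC_SECURE_GETENV __secure_getenv
# endif
#endif

/* Nonzero when the kernel flagged the exec as privileged (setuid, setgid,
   file capabilities) or the real and effective IDs differ. */
int running_privileged(void)
{
    if (getauxval(AT_SECURE) != 0)
        return 1;
    return getuid() != geteuid() || getgid() != getegid();
}

/* Fallback for libcs without either symbol: same contract, NULL when privileged. */
char *fallback_secure_getenv(const char *name, int privileged)
{
    return privileged ? NULL : getenv(name);
}

/* Hypothetical wrapper a library would call instead of getenv(). */
char *lib_getenv(const char *name)
{
#ifdef LIBC_SECURE_GETENV
    return LIBC_SECURE_GETENV(name);
#else
    return fallback_secure_getenv(name, running_privileged());
#endif
}

int main(void)
{
    const char *v = lib_getenv("DBUS_SESSION_BUS_ADDRESS");
    printf("privileged=%d value=%s\n", running_privileged(), v ? v : "(hidden or unset)");
    return 0;
}
```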


