From: Michael C Thompson <thompsmc@us.ibm.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: SE Linux <selinux@tycho.nsa.gov>, Daniel J Walsh <dwalsh@redhat.com>
Subject: Re: [PATCH 3/4] newrole suid functionality (take 2)
Date: Thu, 02 Nov 2006 15:38:23 -0600 [thread overview]
Message-ID: <454A654F.5020902@us.ibm.com> (raw)
In-Reply-To: <1162500860.5519.105.camel@moss-spartans.epoch.ncsc.mil>
Stephen Smalley wrote:
> The man page for setlocale() says:
> If locale is "", each part of the locale that should be modified is set
> according to the environment variables.
>
> Which doesn't sound like it is sanitizing them. Possibly it has
> different behavior in the libc_enable_secure case, which would be 1 for
> newrole (even the non-suid newrole, due to the domain transition), but I
> don't know offhand. NLSPATH is on the unsecvars list, so it would be
> ignored.
I read through the glibc source, and glibc does checking for '/' in the
values obtained from the environment.
>> There isn't any propsed change in this code, just a better understanding
>> from the coder. If this is suggested code flow looks OK, I will clean up
>> the rest of my code and send out the next round of patches.
>
> I take it that su and friends don't do anything special here prior to
> calling the localization functions?
Right, the calls to setlocale, bindtextdomain and textdomain is
basically the first thing that they do. They also seem to not worry
about the environment until much later as well.
I'm find it hard to know where to stop worrying and trust the
libraries... because understanding absolutely everything that's going on
will not make for a timely patch. Although I would rather not trust
anything.
Mike
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2006-11-02 21:38 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-10-17 18:24 [PATCH 0/4] newrole suid functionality (take 2) Michael C Thompson
2006-10-17 18:38 ` [PATCH 1/4] " Michael C Thompson
2006-10-17 18:40 ` [PATCH 0/4] " Michael C Thompson
2006-10-17 18:42 ` [PATCH 3/4] " Michael C Thompson
2006-10-23 19:05 ` Stephen Smalley
2006-10-23 19:29 ` Michael C Thompson
2006-11-02 17:22 ` Michael C Thompson
2006-11-02 18:34 ` Stephen Smalley
2006-11-02 20:35 ` Michael C Thompson
2006-11-02 20:54 ` Stephen Smalley
2006-11-02 21:38 ` Michael C Thompson [this message]
2006-10-17 18:43 ` [PATCH 4/4] " Michael C Thompson
2006-10-23 19:09 ` Stephen Smalley
2006-10-23 19:30 ` Michael C Thompson
2006-10-23 18:56 ` [PATCH 0/4] " Stephen Smalley
2006-10-23 19:26 ` Michael C Thompson
2006-11-02 17:18 ` Michael C Thompson
2006-11-02 18:21 ` Stephen Smalley
2006-11-02 18:38 ` Michael C Thompson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=454A654F.5020902@us.ibm.com \
--to=thompsmc@us.ibm.com \
--cc=dwalsh@redhat.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.