linux-ext4.vger.kernel.org archive mirror
From: Theodore Ts'o <tytso@mit.edu>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: Ext4 Developers List <linux-ext4@vger.kernel.org>
Subject: Re: [PATCH 1/3] contrib: add safe_getenv() support to spd_readdir
Date: Wed, 23 Jan 2013 11:22:25 -0500
Message-ID: <20130123162225.GA12058@thunk.org>
In-Reply-To: <87d2ww8562.fsf@mid.deneb.enyo.de>

On Wed, Jan 23, 2013 at 01:17:25PM +0100, Florian Weimer wrote:
> 
> glibc 2.17 has secure_getenv, but not __secure_getenv.  Unfortunately,
> this was the only way to turn this into an official interface.

Thanks for pointing this out.  I'm using Debian testing which is still
using glibc 2.13.  The bigger issue is that it's not just
spd_readdir.c (which is in contrib and so it's not compiled from the
makefile), but we are using __secure_getenv() in libext2fs and other
libraries in e2fsprogs.

Use of __secure_getenv() is protected with a configure.in test, so we
won't break when we compile under glibc 2.17, but we won't have the
full benefit of using secure_getenv(), either.  We use a similar
safe_getenv() code which will skip the getenv if the process is
running setuid, or PR_GET_DUMPABLE returns 0, so hopefully that
protects us against the worst of the security exposure, but as [1]
states, "such emulation is necessarily brittle".

[1] http://sourceware.org/glibc/wiki/Tips_and_Tricks/secure_getenv

Can someone send me a patch, please?   Or I'll put it on my todo list....

    	    	      	     	       	       - Ted
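
The fallback described in the message above, as an added example (not code from e2fsprogs or from either poster): a wrapper that refuses to read the environment when the process is setuid/setgid or not dumpable, and uses secure_getenv() where glibc provides it. The names env_trusted() and process_env_trusted() and the glibc version check standing in for a configure test are assumptions made for this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/prctl.h>

/* Stand-in for a configure-time test (assumption): glibc >= 2.17 has secure_getenv(). */
#if defined(__GLIBC__)
# if __GLIBC_PREREQ(2, 17)
#  define HAVE_SECURE_GETENV 1
/* Declared by hand so the example does not depend on _GNU_SOURCE being set first. */
extern char *secure_getenv(const char *name);
# endif
#endif

/* Pure decision, separated out so it can be tested: 1 if the environment may be used. */
int env_trusted(uid_t uid, uid_t euid, gid_t gid, gid_t egid, int dumpable)
{
    if (uid != euid || gid != egid)
        return 0;   /* running setuid or setgid */
    /* The message only mentions a result of 0; this sketch fails closed on
     * anything other than 1, including a prctl() error (-1). */
    if (dumpable != 1)
        return 0;
    return 1;
}

int process_env_trusted(void)
{
    return env_trusted(getuid(), geteuid(), getgid(), getegid(),
                       prctl(PR_GET_DUMPABLE, 0, 0, 0, 0));
}

char *safe_getenv(const char *name)
{
    if (!process_env_trusted())
        return NULL;
#ifdef HAVE_SECURE_GETENV
    /* Also honours the kernel's AT_SECURE flag, which the checks above cannot see. */
    return secure_getenv(name);
#else
    return getenv(name);
#endif
}

int main(void)
{
    const char *v = safe_getenv("HOME");
    printf("trusted=%d HOME=%s\n", process_env_trusted(), v ? v : "(ignored or unset)");
    return 0;
}
```

The user-space checks cannot observe every condition under which the kernel requests secure execution (file capabilities, for example), which is why the real secure_getenv() is used whenever it is available.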

