* clearenv(3): implies that it's a security tool
@ 2016-02-18 17:28 Stéphane Aulery
[not found] ` <2022845728.87847295.1455816499626.JavaMail.root-ejyA1lUx/7j5pO4zsKA69P9ALaXTbT7g0e7PPNI6Mm0@public.gmane.org>
0 siblings, 1 reply; 7+ messages in thread
From: Stéphane Aulery @ 2016-02-18 17:28 UTC (permalink / raw)
To: 679323-61a8vm9lEZVf4u+23C9RwQ, mdz-8fiUuRrzOP0dnm+yROfE0A
Cc: linux-man-u79uwXL29TY76Z2rM5mHXA
severity 679323 minor
stop
-----
Hello Matt,
I dig your bug reports about the clearenv() function.
Does the sentence below would do, please?
Used by security-conscious application, with the reservation
that the memory is not zeroed by the glibc implementation
before release.
Regards,
--
Stéphane Aulery
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: clearenv(3): implies that it's a security tool
[not found] ` <2022845728.87847295.1455816499626.JavaMail.root-ejyA1lUx/7j5pO4zsKA69P9ALaXTbT7g0e7PPNI6Mm0@public.gmane.org>
@ 2016-02-18 20:34 ` Matt Zimmerman
[not found] ` <20160218203447.GF3560-GlOw+ZFk85JeoWH0uzbU5w@public.gmane.org>
0 siblings, 1 reply; 7+ messages in thread
From: Matt Zimmerman @ 2016-02-18 20:34 UTC (permalink / raw)
To: Stéphane Aulery
Cc: 679323-61a8vm9lEZVf4u+23C9RwQ, linux-man-u79uwXL29TY76Z2rM5mHXA
Thanks for following up. My recommendation is to say something like:
This function DOES NOT securely erase the contents of the environment.
Security-conscious applications which need to do this should use ....
instead.
On Thu, Feb 18, 2016 at 06:28:19PM +0100, Stéphane Aulery wrote:
> severity 679323 minor
> stop
> -----
>
> Hello Matt,
>
> I dig your bug reports about the clearenv() function.
>
> Does the sentence below would do, please?
>
>
> Used by security-conscious application, with the reservation
> that the memory is not zeroed by the glibc implementation
> before release.
>
>
> Regards,
>
> --
> Stéphane Aulery
--
- mdz
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Bug#679323: clearenv(3): implies that it's a security tool
[not found] ` <20160218203447.GF3560-GlOw+ZFk85JeoWH0uzbU5w@public.gmane.org>
@ 2016-02-18 21:44 ` Stéphane Aulery
2016-02-19 11:59 ` Michael Kerrisk (man-pages)
1 sibling, 0 replies; 7+ messages in thread
From: Stéphane Aulery @ 2016-02-18 21:44 UTC (permalink / raw)
To: Matt Zimmerman, 679323-61a8vm9lEZVf4u+23C9RwQ
Cc: linux-man-u79uwXL29TY76Z2rM5mHXA
Hello Matt,
Le 18/02/2016 21:34, Matt Zimmerman a écrit :
> Thanks for following up. My recommendation is to say something like:
>
> This function DOES NOT securely erase the contents of the environment.
> Security-conscious applications which need to do this should use ....
> instead.
Thanks for your reply. To match the note recommending a solution of
withdrawal, then I suggest:
-----
If it is unavailable the assignment
environ = NULL;
will probably do.
But these solutions DO NOT securely erase the contents of the
environment. ecurity-conscious applications which need to do this should
use [...] instead.
----
Problem, I have no idea of good security practice. A helping hand, please?
Regards,
--
Stéphane Aulery
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: clearenv(3): implies that it's a security tool
[not found] ` <20160218203447.GF3560-GlOw+ZFk85JeoWH0uzbU5w@public.gmane.org>
2016-02-18 21:44 ` Bug#679323: " Stéphane Aulery
@ 2016-02-19 11:59 ` Michael Kerrisk (man-pages)
[not found] ` <CAKgNAkh0qR-5Kj0-bc6QtAM7j44s41YfNMUOfi_BAiFHYVOO5g-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
1 sibling, 1 reply; 7+ messages in thread
From: Michael Kerrisk (man-pages) @ 2016-02-19 11:59 UTC (permalink / raw)
To: Matt Zimmerman
Cc: Stéphane Aulery, 679323-61a8vm9lEZVf4u+23C9RwQ, linux-man
On 18 February 2016 at 21:34, Matt Zimmerman <mdz-8fiUuRrzOP0dnm+yROfE0A@public.gmane.org> wrote:
> Thanks for following up. My recommendation is to say something like:
>
> This function DOES NOT securely erase the contents of the environment.
> Security-conscious applications which need to do this should use ....
> instead.
So, I think this report is a little confused, but mainly because of
the poor description in the man page.
The security-conscious applications in this context are those that
want to precisely control the environment passed to an exec()ed
program. clearenv() cannot, indeed must not, try to erase the buffers
containing the environment definitions. (See putenv(3) to understand
why.) I've adjusted the man page in away that I hope explains things
better:
The clearenv() function may be useful in security-conscious
applications that want to precisely control the environment that
is passed to programs executed using exec(3). The application
would do this by first clearing the environment and then adding
select environment variables.
Note that the main effect of clearenv() is to adjust the value of
the pointer environ(7); this function does not erase the contents
of the buffers containing the environment definitions.
Cheers,
Michael
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: clearenv(3): implies that it's a security tool
[not found] ` <CAKgNAkh0qR-5Kj0-bc6QtAM7j44s41YfNMUOfi_BAiFHYVOO5g-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
@ 2016-02-19 12:25 ` Stéphane Aulery
2016-02-19 16:22 ` Matt Zimmerman
1 sibling, 0 replies; 7+ messages in thread
From: Stéphane Aulery @ 2016-02-19 12:25 UTC (permalink / raw)
To: mtk manpages; +Cc: Matt Zimmerman, 679323-61a8vm9lEZVf4u+23C9RwQ, linux-man
Hello Michael and Matt,
----- Michael Kerrisk (man-pages) <mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> a écrit :
> On 18 February 2016 at 21:34, Matt Zimmerman <mdz-8fiUuRrzOP0dnm+yROfE0A@public.gmane.org> wrote:
> > Thanks for following up. My recommendation is to say something like:
> >
> > This function DOES NOT securely erase the contents of the environment.
> > Security-conscious applications which need to do this should use ....
> > instead.
>
> So, I think this report is a little confused, but mainly because of
> the poor description in the man page.
>
> The security-conscious applications in this context are those that
> want to precisely control the environment passed to an exec()ed
> program. clearenv() cannot, indeed must not, try to erase the buffers
> containing the environment definitions. (See putenv(3) to understand
> why.) I've adjusted the man page in away that I hope explains things
> better:
>
> The clearenv() function may be useful in security-conscious
> applications that want to precisely control the environment that
> is passed to programs executed using exec(3). The application
> would do this by first clearing the environment and then adding
> select environment variables.
>
> Note that the main effect of clearenv() is to adjust the value of
> the pointer environ(7); this function does not erase the contents
> of the buffers containing the environment definitions.
It's much better that I can do.
If no objection Matt,
I pass the bug report in fixed-upstream.
Regards,
--
Stéphane Aulery
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: clearenv(3): implies that it's a security tool
[not found] ` <CAKgNAkh0qR-5Kj0-bc6QtAM7j44s41YfNMUOfi_BAiFHYVOO5g-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-02-19 12:25 ` Stéphane Aulery
@ 2016-02-19 16:22 ` Matt Zimmerman
[not found] ` <20160219162222.GB14410-GlOw+ZFk85JeoWH0uzbU5w@public.gmane.org>
1 sibling, 1 reply; 7+ messages in thread
From: Matt Zimmerman @ 2016-02-19 16:22 UTC (permalink / raw)
To: Michael Kerrisk (man-pages)
Cc: Stéphane Aulery, 679323-61a8vm9lEZVf4u+23C9RwQ, linux-man
On Fri, Feb 19, 2016 at 12:59:05PM +0100, Michael Kerrisk (man-pages) wrote:
> On 18 February 2016 at 21:34, Matt Zimmerman <mdz-8fiUuRrzOP0dnm+yROfE0A@public.gmane.org> wrote:
> > Thanks for following up. My recommendation is to say something like:
> >
> > This function DOES NOT securely erase the contents of the environment.
> > Security-conscious applications which need to do this should use ....
> > instead.
>
> So, I think this report is a little confused, but mainly because of
> the poor description in the man page.
>
> The security-conscious applications in this context are those that
> want to precisely control the environment passed to an exec()ed
> program. clearenv() cannot, indeed must not, try to erase the buffers
> containing the environment definitions. (See putenv(3) to understand
> why.) I've adjusted the man page in away that I hope explains things
> better:
>
> The clearenv() function may be useful in security-conscious
> applications that want to precisely control the environment that
> is passed to programs executed using exec(3). The application
> would do this by first clearing the environment and then adding
> select environment variables.
>
> Note that the main effect of clearenv() is to adjust the value of
> the pointer environ(7); this function does not erase the contents
> of the buffers containing the environment definitions.
Yes, that's much clearer, thank you!
--
- mdz
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: clearenv(3): implies that it's a security tool
[not found] ` <20160219162222.GB14410-GlOw+ZFk85JeoWH0uzbU5w@public.gmane.org>
@ 2016-02-19 16:43 ` Stéphane Aulery
0 siblings, 0 replies; 7+ messages in thread
From: Stéphane Aulery @ 2016-02-19 16:43 UTC (permalink / raw)
To: Matt Zimmerman, control-61a8vm9lEZVf4u+23C9RwQ
Cc: Michael Kerrisk, 679323-61a8vm9lEZVf4u+23C9RwQ, linux-man
tags 679323 + fixed-upstream
stop
-----
Will be fixed in man-pages-4.04.
See commit c66649c83598652222ff2a464e5b82284e6b1acf
by Michael Kerrisk <mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>, 2016-02-19 12:04:51 (GMT)
https://git.kernel.org/cgit/docs/man-pages/man-pages.git/commit/man3/clearenv.3?id=c66649c83598652222ff2a464e5b82284e6b1acf
----- Matt Zimmerman <mdz-8fiUuRrzOP0dnm+yROfE0A@public.gmane.org> a écrit :
> On Fri, Feb 19, 2016 at 12:59:05PM +0100, Michael Kerrisk (man-pages) wrote:
> > On 18 February 2016 at 21:34, Matt Zimmerman <mdz-8fiUuRrzOP0dnm+yROfE0A@public.gmane.org> wrote:
> > > Thanks for following up. My recommendation is to say something like:
> > >
> > > This function DOES NOT securely erase the contents of the environment.
> > > Security-conscious applications which need to do this should use ....
> > > instead.
> >
> > So, I think this report is a little confused, but mainly because of
> > the poor description in the man page.
> >
> > The security-conscious applications in this context are those that
> > want to precisely control the environment passed to an exec()ed
> > program. clearenv() cannot, indeed must not, try to erase the buffers
> > containing the environment definitions. (See putenv(3) to understand
> > why.) I've adjusted the man page in away that I hope explains things
> > better:
> >
> > The clearenv() function may be useful in security-conscious
> > applications that want to precisely control the environment that
> > is passed to programs executed using exec(3). The application
> > would do this by first clearing the environment and then adding
> > select environment variables.
> >
> > Note that the main effect of clearenv() is to adjust the value of
> > the pointer environ(7); this function does not erase the contents
> > of the buffers containing the environment definitions.
>
> Yes, that's much clearer, thank you!
Case classified, thank you for your help Matt and Michael!
Regards,
--
Stéphane Aulery
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2016-02-19 16:43 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-02-18 17:28 clearenv(3): implies that it's a security tool Stéphane Aulery
[not found] ` <2022845728.87847295.1455816499626.JavaMail.root-ejyA1lUx/7j5pO4zsKA69P9ALaXTbT7g0e7PPNI6Mm0@public.gmane.org>
2016-02-18 20:34 ` Matt Zimmerman
[not found] ` <20160218203447.GF3560-GlOw+ZFk85JeoWH0uzbU5w@public.gmane.org>
2016-02-18 21:44 ` Bug#679323: " Stéphane Aulery
2016-02-19 11:59 ` Michael Kerrisk (man-pages)
[not found] ` <CAKgNAkh0qR-5Kj0-bc6QtAM7j44s41YfNMUOfi_BAiFHYVOO5g-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-02-19 12:25 ` Stéphane Aulery
2016-02-19 16:22 ` Matt Zimmerman
[not found] ` <20160219162222.GB14410-GlOw+ZFk85JeoWH0uzbU5w@public.gmane.org>
2016-02-19 16:43 ` Stéphane Aulery
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).