This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/12155] MALLOC_MMAP_THRESHOLD_ and MALLOC_MMAP_MAX_ (wrongly) have effect in setgid programs
- From: "mtk.manpages at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Sun, 24 Oct 2010 07:11:35 +0000
- Subject: [Bug libc/12155] MALLOC_MMAP_THRESHOLD_ and MALLOC_MMAP_MAX_ (wrongly) have effect in setgid programs
- Auto-submitted: auto-generated
- References: <bug-12155-131@http.sourceware.org/bugzilla/>
http://sourceware.org/bugzilla/show_bug.cgi?id=12155
--- Comment #4 from Michael Kerrisk <mtk.manpages at gmail dot com> 2010-10-24 05:19:17 UTC ---
(In reply to comment #3)
> And what is the issue? Don't you have anything better to do than complain
> about completely irrelevant things?
This is not a complaint. It's a bug report. Do you really have no better mode
of response than this?
The issue is twofold:
1. Consistency: in almost all cases, the MALLOC_*_ environment variables are
ignored in setuid and setgid programs. The inconsistency noted in this report
could lead to unexpected behavior (bugs).
2. Security: if the MALLOC_*_ environment variables are disabled for security
reasons, and in particular MALLOC_MMAP_*_ are disabled for setuid programs, the
security risk must be similar for setgid programs. In other words, either
a) there is a security problem and these variables should be disabled for both
setuid and setgid programs, or
b) there is no security problem and they should be enabled for both setuid and
setgid programs.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.