This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

issetugid?

From: Rich Felker <dalias at libc dot org>
To: libc-alpha at sourceware dot org
Date: Wed, 16 Jul 2014 00:07:26 -0400
Subject: issetugid?
Authentication-results: sourceware.org; auth=none

Hi everyone,

Recently Brent Cook from OpenBSD has been in contact with the musl
libc developers (see http://www.openwall.com/lists/musl/2014/07/)
regarding getting musl to provide an issetugid function compatible
with the BSD function by the same name. LibreSSL apparently wants to
use this (they use a really ugly, somewhat broken version if the
system does not provide one) and it seems very useful anyway for
third-party libraries to have this information available to them to
avoid introducing vulnerabilities. IMO this is more useful than
secure_getenv because it can be used for making decisions about
trusting other parts of the initial execution state in addition to the
most obvious such state, the environment.

In the interest of fostering cooperation rather than fragmentation
when adding new APIs like this, I'd like to know if the glibc side has
any interest in adding this function, or any objections to the way it
works on BSDs and what's been proposed for inclusion in musl (see the
link above).

Comments?

Rich

Follow-Ups:
- Re: issetugid?
  - From: Florian Weimer

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]