This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Tunables-related security regression


On Mon, Jan 23, 2017 at 8:00 AM, Siddhesh Poyarekar <siddhesh@gotplt.org> wrote:
> - all of the other MALLOC_* envvars

by which I think you mean "all of the MALLOC_* envvars except MALLOC_TRACE"?

> are ignored in AT_SECURE, but are passed on to
> non-AT_SECURE subprocesses.

MALLOC_CHECK_ is also clearly unsafe to pass on, and all of the others
look like they could at least be used for denial of service.

> I suppose if the threat perception of
> passing on envvars from AT_SECURE to non-AT_SECURE is high enough, it
> could be a case for simply dropping category (2) completely.

That's where I am right now.

zw


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]