This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: Tunables-related security regression


On Mon, 23 Jan 2017, Zack Weinberg wrote:

> (With http://austingroupbugs.net/view.php?id=188 in mind, what would
> you think of a `get_secure_child_environ()` extension, that returns an
> environment vector suitable for use as the third argument to `execve`,
> consisting of a _whitelisted_ subset of the process's environment?
> Assuming we can agree on what the whitelist should be.  ... PATH may
> be a headache.  The vector itself (not the strings it points to)
> should be malloced.)

I think something like that is reasonable (while remembering that the 
requirements for such an API as an extension might be different from the 
requirements for any such API added to POSIX in future, if the POSIX 
version is supposed to give a POSIX-conforming environment).

-- 
Joseph S. Myers
joseph@codesourcery.com
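
The interface floated in the quoted paragraph, as an added sketch that is not from this thread or from glibc: the name `sketch_secure_child_environ`, the allowlist contents and the sample environment are all hypothetical and constructed here. It shows the malloc'd vector sharing its strings with the source environment, exact name matching (so `LANGUAGE` does not ride in on `LANG`), and first-wins handling of duplicate names.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed placeholder allowlist (none was agreed in the thread; PATH left out). */
static const char *const sample_allow[] = { "HOME", "LANG", "TERM", "TZ", NULL };
static char *const sample_env[] = {            /* constructed sample input */
    "HOME=/home/u", "LD_PRELOAD=/tmp/x.so", "GLIBC_TUNABLES=a=b", "LANG=C",
    "LANGUAGE=en", "TZ=UTC", "TZ=Other", "MALFORMED", NULL };

/* Length of NAME in "NAME=value"; 0 if there is no '=' or NAME is empty. */
static size_t name_len(const char *entry)
{
    const char *eq = strchr(entry, '=');
    return eq == NULL ? 0 : (size_t)(eq - entry);
}

/* 1 if name[0..n) equals an allowlist entry exactly (no prefix matching). */
static int allowed(const char *name, size_t n, const char *const *allow)
{
    for (; *allow != NULL; allow++)
        if (strlen(*allow) == n && memcmp(name, *allow, n) == 0)
            return 1;
    return 0;
}

/* Hypothetical sketch, not a glibc interface.  The vector is malloc'd and its
   strings are shared with envp: free only the vector.  NULL if malloc fails. */
char **sketch_secure_child_environ(char *const *envp, const char *const *allow)
{
    size_t total = 0, kept = 0;
    while (envp[total] != NULL)
        total++;
    char **out = malloc((total + 1) * sizeof *out);
    if (out == NULL)
        return NULL;
    for (size_t i = 0; i < total; i++) {
        size_t n = name_len(envp[i]), j;
        if (n == 0 || !allowed(envp[i], n, allow))
            continue;                    /* malformed or not on the allowlist */
        for (j = 0; j < kept; j++)       /* first occurrence of a name wins */
            if (name_len(out[j]) == n && memcmp(out[j], envp[i], n) == 0)
                break;
        if (j == kept)
            out[kept++] = envp[i];
    }
    out[kept] = NULL;
    return out;
}
```

The result can be passed as the third argument to `execve`; because the strings are not copied, the vector must not outlive the environment it was built from.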

