This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/17100] secure_getenv() does not seem to properly detect if an environment is secure
- From: "busterb at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Sun, 29 Jun 2014 13:36:02 +0000
- Subject: [Bug libc/17100] secure_getenv() does not seem to properly detect if an environment is secure
- Auto-submitted: auto-generated
- References: <bug-17100-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=17100
--- Comment #4 from Brent Cook <busterb at gmail dot com> ---
Thank you for the clarification.
Though AT_SECURE is available in all kernels that glibc supports, is there be
any way for an adversary to cause the fallback case to be triggered through
external means?
That there is a fallback case is a little misleading since it does not also
perform the capabilities checks that the kernel does, so I don't think one
would want it to inadvertently execute on any kernel that implements
capabilities:
http://lxr.free-electrons.com/source/security/commoncap.c#L590
--
You are receiving this mail because:
You are on the CC list for the bug.