oss-sec mailing list archives

Re: libdbus hardening


From: Solar Designer <solar () openwall com>
Date: Tue, 10 Jul 2012 18:07:03 +0400

On Tue, Jul 10, 2012 at 03:58:46PM +0200, Florian Weimer wrote:
> On 07/10/2012 03:43 PM, Solar Designer wrote:
>> We already have __secure_getenv() in glibc, which I think is what
>> libraries like this should be using on systems with glibc.
>
> Sebastian's patches also include a check on prctl(PR_GET_DUMPABLE).  I'm
> not sure if the libc approach (compare effective and real UIDs/GIDs on
> process start and base process environment trust decisions on that) is
> equivalent.

glibc also uses AT_SECURE.

PR_GET_DUMPABLE catches the extra case of a process that started e.g. as
root and has since switched creds, but do we actually want to restrict
processing of env vars in that case?  Perhaps not, and so AT_SECURE is
more appropriate.

Alexander
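
[Added example, not part of the message above and not code from libdbus or
glibc.  It puts the three trust indicators under discussion side by side:
the real-vs-effective id comparison, AT_SECURE via getauxval(), and
prctl(PR_GET_DUMPABLE), and shows how a library would gate a getenv() call
on each.  The policy names, helper functions and the EXAMPLE_BUS_ADDRESS
variable are illustrative assumptions; the sample value is constructed.
Linux with glibc >= 2.17 is assumed for secure_getenv() and getauxval().
One caveat worth keeping in mind with the dumpable check: the kernel sets
the per-process flag from fs.suid_dumpable when credentials change, so with
that sysctl at 1 the flag stays set and the check never fires.]

```c
/* Added example: gating environment lookups on three different trust
 * indicators.  Not libdbus or glibc code; names are illustrative.
 * Linux/glibc (>= 2.17) assumed. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/auxv.h>
#include <sys/prctl.h>

/* Compatible redeclaration in case _GNU_SOURCE was defined too late. */
extern char *secure_getenv(const char *name);

/* (a) Classic libc heuristic: real vs. effective ids.  Misses a process
 *     that started as root and switched creds later, since by then both
 *     sets of ids may already be equal. */
int creds_differ(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* (b) AT_SECURE: the kernel's verdict at exec time (setuid/setgid binary,
 *     file capabilities, ...).  This is what glibc's secure_getenv()
 *     consults. */
int started_secure(void)
{
    return getauxval(AT_SECURE) != 0;
}

/* (c) PR_GET_DUMPABLE: reset by the kernel on credential changes, so it
 *     also fires for "started as root, then dropped privileges".
 *     Caveat: the flag is taken from fs.suid_dumpable; with that sysctl
 *     at 1 this check never fires.  -1 (error) is treated as untrusted. */
int not_dumpable(void)
{
    int d = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
    return d != 1;   /* 0 = not dumpable, 2 = "suidsafe": both untrusted */
}

enum trust_policy {
    TRUST_AT_SECURE,             /* glibc's choice */
    TRUST_AT_SECURE_OR_DUMPABLE, /* stricter: also distrust after a cred switch */
    TRUST_UID_COMPARE            /* pre-AT_SECURE libc heuristic */
};

int env_trusted(enum trust_policy p)
{
    switch (p) {
    case TRUST_AT_SECURE:             return !started_secure();
    case TRUST_AT_SECURE_OR_DUMPABLE: return !started_secure() && !not_dumpable();
    case TRUST_UID_COMPARE:           return !creds_differ();
    }
    return 0;   /* unknown policy: fail closed */
}

/* Decision split out so it can be exercised with a forced verdict. */
const char *getenv_if(const char *name, int trusted)
{
    return trusted ? getenv(name) : NULL;
}

const char *hardened_getenv(const char *name, enum trust_policy p)
{
    return getenv_if(name, env_trusted(p));
}

/* Does the AT_SECURE policy agree with glibc's secure_getenv() for name? */
int matches_secure_getenv(const char *name)
{
    const char *a = secure_getenv(name);
    const char *b = hardened_getenv(name, TRUST_AT_SECURE);
    if (a == NULL || b == NULL)
        return a == b;
    return strcmp(a, b) == 0;
}

int main(void)
{
    /* Constructed sample: an attacker-settable variable of the kind a
     * library like libdbus reads to find its bus. */
    setenv("EXAMPLE_BUS_ADDRESS", "unix:path=/tmp/example-socket", 1);

    printf("uid/euid differ: %d\n", creds_differ());
    printf("AT_SECURE:       %d\n", started_secure());
    printf("not dumpable:    %d\n", not_dumpable());

    const char *v = hardened_getenv("EXAMPLE_BUS_ADDRESS",
                                    TRUST_AT_SECURE_OR_DUMPABLE);
    printf("address used:    %s\n",
           v ? v : "(ignored: environment not trusted)");
    return 0;
}
```

Run it once as a normal user and once as a setuid copy (or after
setuid()/setgid() from root) to see which indicators flip; the difference
between (b) and (c) in the second case is exactly the question raised above.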
