On Sat, 14.03.15 19:27, Shawn Landden (sh...@churchofgit.com) wrote:
All these except user_data_home_dir() are certainly vectors for
arbitrary code execution. These should use secure_getenv()
Nah.
We should use secure_getenv() in code that will end up in a suid
binary and in code that suid
Hi
On Sun, Mar 15, 2015 at 12:36 PM, Ronny Chevalier
chevalier.ro...@gmail.com wrote:
2015-03-15 3:27 GMT+01:00 Shawn Landden sh...@churchofgit.com:
All these except user_data_home_dir() are certainly vectors for
arbitrary code execution. These should use secure_getenv()
---
Hi,
I don't
Hi,
On Mon, Mar 16, 2015 at 06:31:29PM +0100, David Herrmann wrote:
Hi
On Sun, Mar 15, 2015 at 12:36 PM, Ronny Chevalier
chevalier.ro...@gmail.com wrote:
2015-03-15 3:27 GMT+01:00 Shawn Landden sh...@churchofgit.com:
All these except user_data_home_dir() are certainly vectors for
2015-03-16 18:31 GMT+01:00 David Herrmann dh.herrm...@gmail.com:
Hi
On Sun, Mar 15, 2015 at 12:36 PM, Ronny Chevalier
chevalier.ro...@gmail.com wrote:
2015-03-15 3:27 GMT+01:00 Shawn Landden sh...@churchofgit.com:
All these except user_data_home_dir() are certainly vectors for
arbitrary
On Mon, Mar 16, 2015, at 02:31 PM, Ronny Chevalier wrote:
I think it would hurt in a SELinux environment. Because if the
AT_SECURE flag is set, secure_getenv will return NULL and tools like
systemctl will fail for certain tasks.
Yeah, beware the possible regressions here, see e.g.:
2015-03-15 3:27 GMT+01:00 Shawn Landden sh...@churchofgit.com:
All these except user_data_home_dir() are certainly vectors for
arbitrary code execution. These should use secure_getenv()
---
Hi,
I don't see why secure_getenv() is appropriate here? These functions
are never used in the
All these except user_data_home_dir() are certainly vectors for
arbitrary code execution. These should use secure_getenv()
---
src/shared/path-lookup.c | 20 ++--
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/src/shared/path-lookup.c b/src/shared/path-lookup.c