Hi, On Mon, Mar 16, 2015 at 06:31:29PM +0100, David Herrmann wrote: > Hi > > On Sun, Mar 15, 2015 at 12:36 PM, Ronny Chevalier > <chevalier.ro...@gmail.com> wrote: > > 2015-03-15 3:27 GMT+01:00 Shawn Landden <sh...@churchofgit.com>: > >> All these except user_data_home_dir() are certainly vectors for > >> arbitrary code execution. These should use secure_getenv() > >> --- > > > > Hi, > > > > I don't see why secure_getenv() is appropriate here? These functions > > are never used in the libraries systemd provides, they are mostly used > > by systemctl and the dbus manager. Can you provide more details? > > You're right, but on the other hand secure_getenv() is usually > sufficient (we don't use setuid() nor fs-caps). So secure_getenv() > wouldn't hurt. > But I don't really care.. Yeh, perhaps just push them and forget about them even if they are called later from libraries or copy+past into a library call... ?!
> Thanks > David > _______________________________________________ > systemd-devel mailing list > systemd-devel@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- Djalal Harouni http://opendz.org _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel