Florian Weimer <[email protected]> writes:

> The patch will use getauxval(AT_SECURE) or __libc_enable_secure (or
> issetuugid on other systems, but which I cannot test). It is not going
> to be very portable.

I see (though I'm a bit confused that you removed the use of __libc_enable_secure in CVE-2014-0475). Can't you use secure_getenv, for which Gnulib provides a replacement, compare the result with the normal getenv, and apply the pathname check if needed?

Regards,
--
Daiki Ueno
