Hi tech@,
About a week ago, a patch was a committed (440a56a0) that added
issetugid() checks before a few getenv() calls. Among the changes was
one to lib/libssl/src/crypto/engine/eng_list.c, but it doesn't really
make sense to me:
- if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
+ if (issetugid() == 0 ||
+ (load_dir = getenv("OPENSSL_ENGINES")) == 0)
load_dir = ENGINESDIR;
As I understand it, a tainted process should not be looking for advice
from environment variables on how to proceed. It seems to me, however,
that the patch ensures that *only* tainted processes use the mentioned
variable.
Am I missing something here?
Keep up the good work,
Stijn
