On Jun 28, 2014, at 7:32 PM, Stijn van Drongelen <[email protected]> wrote:
> Hi tech@,
>
> About a week ago, a patch was committed (440a56a0) that added
> issetugid() checks before a few getenv() calls. Among the changes was
> one to lib/libssl/src/crypto/engine/eng_list.c, but it doesn't really
> make sense to me:
>
> - if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
> + if (issetugid() == 0 ||
> + (load_dir = getenv("OPENSSL_ENGINES")) == 0)
> load_dir = ENGINESDIR;
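Review bot: the issetugid() test on the first `+` line is inverted. With `issetugid() == 0 ||` as the first operand, an untainted process (issetugid() returning 0) short-circuits straight to `load_dir = ENGINESDIR`, and only a set-id process (nonzero return) goes on to evaluate `getenv("OPENSSL_ENGINES")`, which is the opposite of the stated goal and exactly what the quoted mail observes. Suggested change: `if (issetugid() != 0 ||` so that tainted processes take the compiled-in default and all others still honour the variable; `if (issetugid() || (load_dir = getenv("OPENSSL_ENGINES")) == NULL)` is the same logic in the idiom used elsewhere for the getenv() result.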
Maybe a secure_getenv() wrapper, like glibc 2.17 has, would make coding these
accesses a little clearer and less error prone.
> As I understand it, a tainted process should not be looking for advice
> from environment variables on how to proceed. It seems to me, however,
> that the patch ensures that *only* tainted processes use the mentioned
> variable.
>
> Am I missing something here?
>
> Keep up the good work,
> Stijn
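An added example of the secure_getenv()-style wrapper suggested in the reply, not code from OpenBSD, glibc or commit 440a56a0. It assumes a hypothetical wrapper name `secure_getenv_bsd`, a placeholder value for ENGINESDIR, and `getauxval(AT_SECURE)` as the Linux stand-in for issetugid(); the last two functions model the committed and the intended open-coded conditions side by side so the inversion can be checked without a set-id binary.

```c
#define _GNU_SOURCE 1
#include <stdlib.h>
#include <string.h>
#if defined(__linux__)
#include <sys/auxv.h>   /* getauxval(AT_SECURE) stands in for issetugid() on glibc */
static int process_is_tainted(void) { return getauxval(AT_SECURE) != 0; }
#else
#include <unistd.h>
static int process_is_tainted(void) { return issetugid() != 0; }
#endif

/* Placeholder standing in for the build-time ENGINESDIR constant of eng_list.c. */
#define ENGINESDIR "/usr/lib/engines"

/*
 * Hypothetical secure_getenv-style wrapper (neither glibc's nor OpenBSD's):
 * a tainted (set-id) process never sees environment values at all, so the
 * taint decision is made once here instead of at every getenv() call site.
 */
static const char *
secure_getenv_bsd(const char *name)
{
    if (process_is_tainted())
        return NULL;
    return getenv(name);
}

/* The eng_list.c access rewritten on top of the wrapper: the caller has no
 * issetugid() comparison left to get backwards. */
static const char *
engine_load_dir(void)
{
    const char *load_dir = secure_getenv_bsd("OPENSSL_ENGINES");
    return load_dir != NULL ? load_dir : ENGINESDIR;
}

/* The two open-coded conditions with issetugid()'s result passed in. Each
 * returns 1 when the environment value is honoured and 0 when ENGINESDIR is
 * used instead. */
static int
honours_env_committed(int setugid, const char *env)   /* as quoted from 440a56a0 */
{
    return !(setugid == 0 || env == NULL);
}

static int
honours_env_intended(int setugid, const char *env)    /* with != 0 instead of == 0 */
{
    return !(setugid != 0 || env == NULL);
}
```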