On Feb 18 23:09, Yaakov Selkowitz wrote:
> Signed-off-by: Yaakov Selkowitz <[email protected]>
> ---
> This is being used more frequently. Since we don't have Linux capabilities,
> setuid/setgid is the only condition we have to check.
I'm not sure this is right. The Linux man page claims
"Secure execution is required if one of the following conditions was
true when the program run by the calling process was loaded: [...]"
Do we ever have this situation? We don't have any capability to make
real and effective user ID different at process startup. But from that
description it seems secure_getenv does not trigger secure mode if the
process calls seteuid() or setreuid() later in the process.
I ran this STC as root under Linux:
# cat > sec-getenv-test.c <<EOF
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

int main ()
{
  char *env;

  /* Query HOME while real and effective UID are still equal (root). */
  env = secure_getenv ("HOME");
  printf ("vor seteuid: HOME=%p <%s>\n", env, env ?: "");

  /* Make effective UID differ from real UID, then query again. */
  if (seteuid (74) < 0)
    printf ("seteuid: %d <%s>\n", errno, strerror (errno));
  else
    {
      env = secure_getenv ("HOME");
      printf ("nach seteuid: HOME=%p <%s>\n", env, env ?: "");
    }
  return 0;
}
EOF
# gcc -g -o sec-getenv-test sec-getenv-test.c
# ./sec-getenv-test
vor seteuid: HOME=0x7fff17a04ea2 </root>
nach seteuid: HOME=0x7fff17a04ea2 </root>
Corinna
--
Corinna Vinschen
Cygwin Maintainer
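An added example, not Corinna's STC and not Cygwin's code, that puts the two candidate semantics side by side: the load-time check glibc actually uses (the AT_SECURE auxiliary-vector flag set by the kernel at exec) versus a live real/effective ID comparison that a setuid/setgid-only implementation would do on every call. The wrapper names are mine, and the issetugid() fallback for non-Linux systems is an assumption.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/auxv.h>
#endif

/* Load-time semantics (what the Linux man page describes): the kernel sets
   AT_SECURE in the auxiliary vector when a set-uid/set-gid binary is exec'd,
   and glibc's secure_getenv consults that flag, never the current IDs. */
int secure_at_load(void)
{
#ifdef __linux__
    return getauxval(AT_SECURE) != 0;
#else
    return issetugid();     /* assumption: BSD-style equivalent elsewhere */
#endif
}

/* Run-time semantics: compare real and effective IDs on every call, so a
   later seteuid()/setreuid() flips the result. */
int secure_now(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Hypothetical getenv wrappers, one per semantics (names are mine). */
char *getenv_secure_at_load(const char *name)
{
    return secure_at_load() ? NULL : getenv(name);
}

char *getenv_secure_now(const char *name)
{
    return secure_now() ? NULL : getenv(name);
}

/* Mirrors the STC above: query HOME before and after seteuid(74). */
int main(void)
{
    printf("before seteuid: load=<%s> now=<%s>\n",
           getenv_secure_at_load("HOME") ?: "", getenv_secure_now("HOME") ?: "");
    if (seteuid(74) == 0)   /* succeeds only when run as root, as in the STC */
        printf("after seteuid:  load=<%s> now=<%s>\n",
               getenv_secure_at_load("HOME") ?: "", getenv_secure_now("HOME") ?: "");
    return 0;
}
```

Run as root, the "load" column keeps returning HOME after seteuid() while the "now" column goes empty, which is exactly the divergence the STC output shows for glibc.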