On 2/19/19 11:21 AM, Corinna Vinschen wrote: >> That said, while it is ideal to avoid squashing to NULL in situations >> that are not security boundaries (as with your STC displaying HOME even >> after seteuid() on Linux), I'm also okay if we filter too aggressively >> (the way gnulib's fallback implementation does when neither >> __secure_getenv() nor issetugid() available). > > In fact, gnulib's implementation would chose the > > if (issetugid ()) > return NULL; > return getenv (name); > > branch on Cygwin right now, just as on BSDs. If that's the right thing > to do for BSD, it's not... *really* wrong for Cygwin either, regardless > what Linux is doing. > > That in turn means Yaakov's patch is perfeclty fine since it's equivalent > to the above gnulib code. > > Agreed?
Yes. -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Virtualization: qemu.org | libvirt.org
