Package: p11-kit
Version: 0.18.5-1
Severity: serious
User: debian-...@lists.debian.org
Usertags: kfreebsd

Hi,

this is a follow-up to #717912.

While the libc header can be fixed, the use case in p11-kit is the wrong one.

Please try to convince upstream to prefer issetugid()
and use getauxval() only under Linux.

I expect that
  https://bugs.freedesktop.org/show_bug.cgi?id=67451
has the same reason ...

Petr

-------------------------------------------------------------------------

 p11-kit 0.18.5 uses getauxval (AT_SECURE) to detect SUID or SGID execution.

 It checks at configure time for the function with
 AC_CHECK_FUNCS([getauxval]), but not whether AT_SECURE works. If
 getauxval is missing, a replacement will be used. The fact that
 getauxval(AT_SECURE) does not throw a compiler error on FreeBSD (as
 in: error: 'AT_SECURE' undeclared) makes writing a configure test
 unnecessarily complicated.

Blindly using getauxval() for detecting issetugid() is the wrong approach,
especially for security detection.

Please see man page:

RETURN VALUE
On success, getauxval() returns the value corresponding to type. If type is not found, 0 is returned.

ERRORS
        No errors are diagnosed.

There is no guarantee that when AT_SECURE is defined,
it will also be supplied by the kernel.
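
The preference order requested in this report, as an added C example (not code from p11-kit or from the reporter): issetugid() where the libc has it, getauxval(AT_SECURE) only on Linux, and a zero from getauxval() never taken as proof of an unprivileged start. HAVE_ISSETUGID and the function names are assumptions.

```c
/* Added example, not p11-kit code. HAVE_ISSETUGID is an assumption: it is
 * what AC_CHECK_FUNCS([issetugid]) would define in config.h. */
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
#if !defined(HAVE_ISSETUGID) && defined(__linux__)
#include <sys/auxv.h>
/* Returns 1 only if the kernel supplied AT_SECURE. glibc >= 2.19 sets
 * errno to ENOENT for a missing entry; older versions give a bare 0. */
static int at_secure_lookup(unsigned long *value)
{
    errno = 0;
    *value = getauxval(AT_SECURE);
    return !(*value == 0 && errno == ENOENT);
}
#endif

/* Fallback that works everywhere: real and effective IDs differ. */
static int ids_differ(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* 1 if the process should distrust its environment, 0 otherwise. */
static int running_setugid(void)
{
#if defined(HAVE_ISSETUGID)
    return issetugid() != 0;          /* preferred where the libc has it */
#else
#if defined(__linux__)
    unsigned long secure = 0;
    if (at_secure_lookup(&secure) && secure != 0)
        return 1;
    /* A zero here is ambiguous (absent entry or not secure): keep checking. */
#endif
    return ids_differ(getuid(), geteuid(), getgid(), getegid());
#endif
}

int main(void)
{
    printf("setugid execution: %s\n", running_setugid() ? "yes" : "no");
    return 0;
}
```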

