ANNOUNCE: p11-kit 0.18.5

Stef Walter stefw at redhat.com
Fri Jul 19 07:16:54 PDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 19.07.2013 15:52, Daniel Kahn Gillmor wrote:
> On 07/19/2013 09:46 AM, Stef Walter wrote:
> 
>> Perhaps Debian does not have AT_SECURE as a possible value for 
>> getauxval(). Is it listed in the manual page?
> 
> It's in the manual, at least:
> 
>>> 0 dkg at alice:~$ man getauxval | grep -A9 AT_SECURE AT_SECURE Has
>>> a  nonzero  value  if  this  executable  should  be treated 
>>> securely.  Most commonly, a nonzero  value  indicates  that
>>> the process  is  executing  a  set-user-ID  or set-group-ID
>>> program; alternatively, a nonzero value may be triggered by a
>>> Linux Secu? rity  Module.   When  this  value is nonzero, the
>>> dynamic linker disables the use  of  certain  environment
>>> variables  (see  ld- linux.so(8))  and  glibc  changes other
>>> aspects of its behavior. (See also secure_getenv(3).)
>>> 
>>> 0 dkg at alice:~$

Interesting.

I realize I'm being lazy here, but is there the possibility that
either you or Andreas could make common/tests/frob-getauxval be setgid
and then run it and see what the exit code and output is? On Debian.

Cheers,

Stef

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlHpSlYACgkQe/sRCNknZa/jwgCfVftn9YETPpDXTcuvqOIU7VYM
tRcAoNGI/xUAvGUWXLzxXL9I1oNZPfCN
=nqQR
-----END PGP SIGNATURE-----


More information about the p11-glue mailing list