[systemd-devel] [PATCH] path-lookup: use secure_getenv()

David Herrmann dh.herrmann at gmail.com
Mon Mar 16 10:31:29 PDT 2015


On Sun, Mar 15, 2015 at 12:36 PM, Ronny Chevalier
<chevalier.ronny at gmail.com> wrote:
> 2015-03-15 3:27 GMT+01:00 Shawn Landden <shawn at churchofgit.com>:
>> All these except user_data_home_dir() are certainly vectors for
>> arbitrary code execution. These should use secure_getenv()
>> ---
> Hi,
> I don't see why secure_getenv() is appropriate here? These functions
> are never used in the libraries systemd provides, they are mostly used
> by systemctl and the dbus manager. Can you provide more details?

You're right, but on the other hand secure_getenv() is usually
sufficient (we don't use setuid() nor fs-caps). So secure_getenv()
wouldn't hurt.
But I don't really care..
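
What the switch discussed in this thread amounts to, as an added example (not code from the patch or from systemd): a hypothetical helper, `lookup_user_config_dir()`, reads `XDG_CONFIG_HOME` and `HOME` through secure_getenv(), which returns NULL when the process was started with AT_SECURE set (setuid/setgid binary or file capabilities). The helper names and the absolute-path check are assumptions of this example.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* secure_getenv() is a GNU extension (glibc >= 2.17) */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h>

/* Explicit prototype so the block still compiles if another libc header
 * was included before _GNU_SOURCE took effect. */
char *secure_getenv(const char *name);

/* Non-zero when the kernel flagged this exec as privilege-elevating
 * (setuid/setgid binary or file capabilities). In that mode
 * secure_getenv() returns NULL for every variable. */
int running_secure(void) {
    return getauxval(AT_SECURE) != 0;
}

/* Copy "prefix" + "suffix" into buf; -1 if it does not fit. */
static int join(char *buf, size_t len, const char *prefix, const char *suffix) {
    int n = snprintf(buf, len, "%s%s", prefix, suffix);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Hypothetical helper (not systemd's): resolve the per-user config dir.
 * Relative values are ignored, as the XDG Base Directory spec requires.
 * Returns 0 on success, -1 when no trustworthy value is available. */
int lookup_user_config_dir(char *buf, size_t len) {
    const char *e = secure_getenv("XDG_CONFIG_HOME");
    if (e && e[0] == '/')
        return join(buf, len, e, "");

    e = secure_getenv("HOME");
    if (e && e[0] == '/')
        return join(buf, len, e, "/.config");

    return -1; /* caller should fall back to compiled-in system paths */
}

int main(void) {
    char dir[4096];
    printf("AT_SECURE=%d\n", running_secure());
    if (lookup_user_config_dir(dir, sizeof dir) == 0)
        printf("user config dir: %s\n", dir);
    else
        puts("no trusted user config dir, using system defaults only");
    return 0;
}
```

In an ordinary process (no setuid, no file capabilities) secure_getenv() behaves exactly like getenv(), which is why the change makes no difference for binaries that never run with AT_SECURE set.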