[systemd-devel] [PATCH] path-lookup: use secure_getenv()

Ronny Chevalier chevalier.ronny at gmail.com
Mon Mar 16 11:31:50 PDT 2015

2015-03-16 18:31 GMT+01:00 David Herrmann <dh.herrmann at gmail.com>:
> Hi
> On Sun, Mar 15, 2015 at 12:36 PM, Ronny Chevalier
> <chevalier.ronny at gmail.com> wrote:
>> 2015-03-15 3:27 GMT+01:00 Shawn Landden <shawn at churchofgit.com>:
>>> All these except user_data_home_dir() are certainly vectors for
>>> arbitrary code execution. These should use secure_getenv()
>>> ---
>> Hi,
>> I don't see why secure_getenv() is appropriate here? These functions
>> are never used in the libraries systemd provides, they are mostly used
>> by systemctl and the dbus manager. Can you provide more details?
> You're right, but on the other hand secure_getenv() is usually
> sufficient (we don't use setuid() nor fs-caps). So secure_getenv()
> wouldn't hurt.

I think it would hurt in a SELinux environment. Because if the
AT_SECURE flag is set, secure_getenv will return NULL and tools like
systemctl will fail for certain tasks.

> But I don't really care..
> Thanks
> David

More information about the systemd-devel mailing list