[systemd-devel] [PATCH] path-lookup: use secure_getenv()
Colin Walters
walters at verbum.org
Mon Mar 16 11:55:50 PDT 2015
On Mon, Mar 16, 2015, at 02:31 PM, Ronny Chevalier wrote:
> I think it would hurt in a SELinux environment. Because if the
> AT_SECURE flag is set, secure_getenv will return NULL and tools like
> systemctl will fail for certain tasks.
Yeah, beware the possible regressions here, see e.g.:
https://bugs.freedesktop.org/show_bug.cgi?id=52202#c25
Last time I looked at this I ended up deciding it was the responsibility of setuid binaries to whitelist their environment. Libraries may choose to use secure_getenv() from the start, but *changing* an existing library that way also changes the semantics of all setuid binaries using it, and needs evaluation.
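The approach named in the reply above, a setuid binary whitelisting its own environment rather than depending on each library calling secure_getenv(), sketched as an added example (not part of the original message and not systemd code). The allow-list contents, the function names and the sample variables are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed allow-list for this example; a real setuid program chooses its own. */
static const char *const ALLOWED[] = { "LANG", "TERM", "TZ", NULL };

/* Return 1 if entry ("NAME=value") names an allowed variable, else 0. */
static int env_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL || eq == entry)
        return 0;                          /* no '=' or empty name */
    size_t n = (size_t)(eq - entry);
    for (size_t i = 0; ALLOWED[i] != NULL; i++)
        /* Exact name match: "TERMINFO" must not pass as "TERM". */
        if (strlen(ALLOWED[i]) == n && strncmp(entry, ALLOWED[i], n) == 0)
            return 1;
    return 0;
}

/* Compact a NULL-terminated env array in place; return entries kept. */
size_t scrub_environment(char **envp)
{
    size_t kept = 0;
    for (size_t i = 0; envp[i] != NULL; i++)
        if (env_allowed(envp[i]))
            envp[kept++] = envp[i];
    envp[kept] = NULL;
    return kept;
}

/* Constructed sample environment, not taken from any real system. */
size_t demo_scrub(void)
{
    static char a[] = "EXAMPLE_UNIT_PATH=/tmp/units", b[] = "LANG=C",
                c[] = "TERMINFO=/tmp/ti", d[] = "TERM=xterm";
    char *env[] = { a, b, c, d, NULL };
    return scrub_environment(env);
}

int main(void)
{
    printf("kept %zu of 4 variables\n", demo_scrub());
    return 0;
}
```

In a real program the scrub would run on `environ` at the very start of main(), before any library code reads the environment.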