[systemd-devel] [PATCH] path-lookup: use secure_getenv()

Lennart Poettering lennart at poettering.net
Sun Mar 22 20:56:44 PDT 2015

On Sat, 14.03.15 19:27, Shawn Landden (shawn at churchofgit.com) wrote:

> All these except user_data_home_dir() are certainly vectors for
> arbitrary code execution. These should use secure_getenv()


We should use secure_getenv() in code that will end up in a suid
binary and in code that suid binaries might make use of. I really
don't see how either of these cases might apply here, since the code
is only called internally in our code and we don't have suid binaries.

A longer time ago I went through all invocations of getenv() and
checked whether they should be secure_getenv() instead, fixed them,
and I don't think that much changed since.

Anyway, it might be that some of our newer invocations of getenv()
should use secure_getenv() instead, but I am not aware of any and the
ones you pointed out don't qualify.


Lennart Poettering, Red Hat

More information about the systemd-devel mailing list