From mboxrd@z Thu Jan 1 00:00:00 1970
Received: (qmail 31797 invoked by alias); 29 Jun 2014 13:36:13 -0000
Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm
Precedence: bulk
Sender: glibc-bugs-owner@sourceware.org
Received: (qmail 31513 invoked by uid 48); 29 Jun 2014 13:36:04 -0000
From: "busterb at gmail dot com"
To: glibc-bugs@sourceware.org
Subject: [Bug libc/17100] secure_getenv() does not seem to properly detect if an environment is secure
Date: Sun, 29 Jun 2014 13:36:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: libc
X-Bugzilla-Version: 2.19
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: busterb at gmail dot com
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: security-
X-Bugzilla-Changed-Fields:
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2014-06/txt/msg02061.txt.bz2

https://sourceware.org/bugzilla/show_bug.cgi?id=17100

--- Comment #4 from Brent Cook ---
Thank you for the clarification. Though AT_SECURE is available in all kernels
that glibc supports, is there any way for an adversary to cause the fallback
case to be triggered through external means?

That there is a fallback case is a little misleading since it does not also
perform the capabilities checks that the kernel does, so I don't think one
would want it to inadvertently execute on any kernel that implements
capabilities:

http://lxr.free-electrons.com/source/security/commoncap.c#L590

-- 
You are receiving this mail because:
You are on the CC list for the bug.
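
An added example (not part of the bug comment and not glibc's source) modelling the distinction raised above: a hypothetical `decide_secure` helper uses the kernel's AT_SECURE value when the auxiliary vector carries one and otherwise falls back to comparing real and effective ids. The vectors and ids are constructed; when a binary gains privilege through file capabilities alone the ids match, so only the AT_SECURE path reports the process as secure.

```c
#include <elf.h>        /* AT_NULL, AT_PAGESZ, AT_SECURE */
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical model of the decision discussed in the comment; not glibc code. */
struct ids { uid_t uid, euid; gid_t gid, egid; };

/* auxv is a flat array of (type, value) pairs terminated by AT_NULL.
 * Returns 1 when the process should be treated as secure-execution.
 * *used_fallback is set to 1 when no AT_SECURE entry was present and the
 * answer came from the id comparison alone (no capability check). */
static int decide_secure(const unsigned long *auxv, struct ids id,
                         int *used_fallback)
{
    for (const unsigned long *p = auxv; p[0] != AT_NULL; p += 2) {
        if (p[0] == AT_SECURE) {
            *used_fallback = 0;
            return p[1] != 0;
        }
    }
    *used_fallback = 1;
    return id.uid != id.euid || id.gid != id.egid;
}

/* Constructed sample vectors, not captured from a real process. */
static const unsigned long AUXV_FILE_CAPS[] = {
    AT_PAGESZ, 4096, AT_SECURE, 1, AT_NULL, 0   /* kernel flagged the exec */
};
static const unsigned long AUXV_NO_ENTRY[] = {
    AT_PAGESZ, 4096, AT_NULL, 0                 /* AT_SECURE missing */
};

int main(void)
{
    struct ids same_ids = { 1000, 1000, 1000, 1000 }; /* e.g. file caps only */
    struct ids setuid_ids = { 1000, 0, 1000, 1000 };  /* classic setuid root */
    int fb;

    printf("caps, AT_SECURE present: secure=%d",
           decide_secure(AUXV_FILE_CAPS, same_ids, &fb));
    printf(" fallback=%d\n", fb);
    printf("caps, AT_SECURE absent:  secure=%d",
           decide_secure(AUXV_NO_ENTRY, same_ids, &fb));
    printf(" fallback=%d\n", fb);
    printf("setuid, AT_SECURE absent: secure=%d",
           decide_secure(AUXV_NO_ENTRY, setuid_ids, &fb));
    printf(" fallback=%d\n", fb);
    return 0;
}
```
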