public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug manual/4017] environment cleaning of unsecvars by setuid/gid programs not documented
       [not found] <bug-4017-131@http.sourceware.org/bugzilla/>
@ 2012-05-06  9:13 ` aj at suse dot de
  2012-05-06 12:29 ` bugdal at aerifal dot cx
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: aj at suse dot de @ 2012-05-06  9:13 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=4017

Andreas Jaeger <aj at suse dot de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|                            |2012-05-06
                 CC|                            |aj at suse dot de
         AssignedTo|drepper.fsp at gmail dot    |unassigned at sourceware
                   |com                         |dot org

--- Comment #1 from Andreas Jaeger <aj at suse dot de> 2012-05-06 09:12:52 UTC ---
Still in glibc 2.15

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 5+ messages in thread
* [Bug manual/4017] environment cleaning of unsecvars by setuid/gid programs not documented
       [not found] <bug-4017-131@http.sourceware.org/bugzilla/>
  2012-05-06  9:13 ` [Bug manual/4017] environment cleaning of unsecvars by setuid/gid programs not documented aj at suse dot de
@ 2012-05-06 12:29 ` bugdal at aerifal dot cx
  2012-05-07  0:11 ` ppluzhnikov at google dot com
  2015-01-29 13:38 ` fweimer at redhat dot com
  3 siblings, 0 replies; 5+ messages in thread
From: bugdal at aerifal dot cx @ 2012-05-06 12:29 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=4017

Rich Felker <bugdal at aerifal dot cx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bugdal at aerifal dot cx

--- Comment #2 from Rich Felker <bugdal at aerifal dot cx> 2012-05-06 12:29:26 UTC ---
This behavior is also non-conformant. The library should *ignore* such
environment variables when the program was invoked as suid, but it should not
prune them. A conforming application can expect to be able to inspect them
(e.g. to validate them itself and use them for its own purposes if they're
deemed safe) or have them successfully passed on to a new process or process
image. This latter usage is safe if the program has dropped privileges before
doing so, and if a program running with elevated privileges is going to exec or
spawn child processes without dropping privileges, it MUST clear the whole
environment or at least all but a small whitelisted set of variables to be
secure.

glibc's behavior of pruning the environment actually makes things a lot LESS
secure in the latter case, because programmers may forget (or assume they don't
need) to do this whitelist-based pruning themselves. This is not safe, because
glibc only knows about the variables which it uses, not other
third-party-library-specific or application-specific variables that could be
equally dangerous.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 5+ messages in thread
* [Bug manual/4017] environment cleaning of unsecvars by setuid/gid programs not documented
       [not found] <bug-4017-131@http.sourceware.org/bugzilla/>
  2012-05-06  9:13 ` [Bug manual/4017] environment cleaning of unsecvars by setuid/gid programs not documented aj at suse dot de
  2012-05-06 12:29 ` bugdal at aerifal dot cx
@ 2012-05-07  0:11 ` ppluzhnikov at google dot com
  2015-01-29 13:38 ` fweimer at redhat dot com
  3 siblings, 0 replies; 5+ messages in thread
From: ppluzhnikov at google dot com @ 2012-05-07  0:11 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=4017

Paul Pluzhnikov <ppluzhnikov at google dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ppluzhnikov at google dot
                   |                            |com

--- Comment #3 from Paul Pluzhnikov <ppluzhnikov at google dot com> 2012-05-07 00:10:49 UTC ---
(In reply to comment #2)
> This behavior is also non-conformant. The library should *ignore* such
> environment variables when the program was invoked as suid, but it should not
> prune them.

FWIW, I recently had to implement a "setuid(); execve();" wrapper entirely in
assembly, just so I could avoid this unsetting of LD_DEBUG, etc. by glibc.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 5+ messages in thread
* [Bug manual/4017] environment cleaning of unsecvars by setuid/gid programs not documented
       [not found] <bug-4017-131@http.sourceware.org/bugzilla/>
                   ` (2 preceding siblings ...)
  2012-05-07  0:11 ` ppluzhnikov at google dot com
@ 2015-01-29 13:38 ` fweimer at redhat dot com
  3 siblings, 0 replies; 5+ messages in thread
From: fweimer at redhat dot com @ 2015-01-29 13:38 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=4017

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fweimer at redhat dot com
              Flags|                            |security-

-- 
You are receiving this mail because:
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 5+ messages in thread
* [Bug manual/4017] environment cleaning of unsecvars by setuid/gid programs not documented
  2007-02-09 16:43 [Bug libc/4017] New: " jrodman at sources-bugzilla dot spamportal dot net
@ 2007-02-09 19:11 ` drepper at redhat dot com
  0 siblings, 0 replies; 5+ messages in thread
From: drepper at redhat dot com @ 2007-02-09 19:11 UTC (permalink / raw)
  To: glibc-bugs



-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|libc                        |manual


http://sourceware.org/bugzilla/show_bug.cgi?id=4017

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.


^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2015-01-29 13:38 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <bug-4017-131@http.sourceware.org/bugzilla/>
2012-05-06  9:13 ` [Bug manual/4017] environment cleaning of unsecvars by setuid/gid programs not documented aj at suse dot de
2012-05-06 12:29 ` bugdal at aerifal dot cx
2012-05-07  0:11 ` ppluzhnikov at google dot com
2015-01-29 13:38 ` fweimer at redhat dot com
2007-02-09 16:43 [Bug libc/4017] New: " jrodman at sources-bugzilla dot spamportal dot net
2007-02-09 19:11 ` [Bug manual/4017] " drepper at redhat dot com

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).