public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug manual/4017] environment cleaning of unsecvars by setuid/gid programs not documented
[not found] <bug-4017-131@http.sourceware.org/bugzilla/>
@ 2012-05-06 9:13 ` aj at suse dot de
2012-05-06 12:29 ` bugdal at aerifal dot cx
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: aj at suse dot de @ 2012-05-06 9:13 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=4017
Andreas Jaeger <aj at suse dot de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Last reconfirmed| |2012-05-06
CC| |aj at suse dot de
AssignedTo|drepper.fsp at gmail dot |unassigned at sourceware
|com |dot org
--- Comment #1 from Andreas Jaeger <aj at suse dot de> 2012-05-06 09:12:52 UTC ---
Still in glibc 2.15
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread* [Bug manual/4017] environment cleaning of unsecvars by setuid/gid programs not documented
[not found] <bug-4017-131@http.sourceware.org/bugzilla/>
2012-05-06 9:13 ` [Bug manual/4017] environment cleaning of unsecvars by setuid/gid programs not documented aj at suse dot de
@ 2012-05-06 12:29 ` bugdal at aerifal dot cx
2012-05-07 0:11 ` ppluzhnikov at google dot com
2015-01-29 13:38 ` fweimer at redhat dot com
3 siblings, 0 replies; 5+ messages in thread
From: bugdal at aerifal dot cx @ 2012-05-06 12:29 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=4017
Rich Felker <bugdal at aerifal dot cx> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |bugdal at aerifal dot cx
--- Comment #2 from Rich Felker <bugdal at aerifal dot cx> 2012-05-06 12:29:26 UTC ---
This behavior is also non-conformant. The library should *ignore* such
environment variables when the program was invoked as suid, but it should not
prune them. A conforming application can expect to be able to inspect them
(e.g. to validate them itself and use them for its own purposes if they're
deemed safe) or have them successfully passed on to a new process or process
image. This latter usage is safe if the program has dropped privileges before
doing so, and if a program running with elevated privileges is going to exec or
spawn child processes without dropping privileges, it MUST clear the whole
environment or at least all but a small whitelisted set of variables to be
secure.
glibc's behavior of pruning the environment actually makes things a lot LESS
secure in the latter case, because programmers may forget (or assume they don't
need) to do this whitelist-based pruning themselves. This is not safe, because
glibc only knows about the variables which it uses, not other
third-party-library-specific or application-specific variables that could be
equally dangerous.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread* [Bug manual/4017] environment cleaning of unsecvars by setuid/gid programs not documented
[not found] <bug-4017-131@http.sourceware.org/bugzilla/>
2012-05-06 9:13 ` [Bug manual/4017] environment cleaning of unsecvars by setuid/gid programs not documented aj at suse dot de
2012-05-06 12:29 ` bugdal at aerifal dot cx
@ 2012-05-07 0:11 ` ppluzhnikov at google dot com
2015-01-29 13:38 ` fweimer at redhat dot com
3 siblings, 0 replies; 5+ messages in thread
From: ppluzhnikov at google dot com @ 2012-05-07 0:11 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=4017
Paul Pluzhnikov <ppluzhnikov at google dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ppluzhnikov at google dot
| |com
--- Comment #3 from Paul Pluzhnikov <ppluzhnikov at google dot com> 2012-05-07 00:10:49 UTC ---
(In reply to comment #2)
> This behavior is also non-conformant. The library should *ignore* such
> environment variables when the program was invoked as suid, but it should not
> prune them.
FWIW, I recently had to implement a "setuid(); execve();" wrapper entirely in
assembly, just so I could avoid this unsetting of LD_DEBUG, etc. by glibc.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread* [Bug manual/4017] environment cleaning of unsecvars by setuid/gid programs not documented
[not found] <bug-4017-131@http.sourceware.org/bugzilla/>
` (2 preceding siblings ...)
2012-05-07 0:11 ` ppluzhnikov at google dot com
@ 2015-01-29 13:38 ` fweimer at redhat dot com
3 siblings, 0 replies; 5+ messages in thread
From: fweimer at redhat dot com @ 2015-01-29 13:38 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=4017
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fweimer at redhat dot com
Flags| |security-
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug libc/4017] New: environment cleaning of unsecvars by setuid/gid programs not documented
@ 2007-02-09 16:43 jrodman at sources-bugzilla dot spamportal dot net
2007-02-09 19:11 ` [Bug manual/4017] " drepper at redhat dot com
0 siblings, 1 reply; 5+ messages in thread
From: jrodman at sources-bugzilla dot spamportal dot net @ 2007-02-09 16:43 UTC (permalink / raw)
To: glibc-bugs
The gnu libc documentation makes no mention of ld.so pruning the environment of
variables such as TMPDIR when running setuid/setgid programs. This makes can
make determining the cause of some missing environment values much more
confusing in some cases.
--
Summary: environment cleaning of unsecvars by setuid/gid programs
not documented
Product: glibc
Version: unspecified
Status: NEW
Severity: minor
Priority: P2
Component: libc
AssignedTo: drepper at redhat dot com
ReportedBy: jrodman at sources-bugzilla dot spamportal dot net
CC: glibc-bugs at sources dot redhat dot com
http://sourceware.org/bugzilla/show_bug.cgi?id=4017
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2015-01-29 13:38 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <bug-4017-131@http.sourceware.org/bugzilla/>
2012-05-06 9:13 ` [Bug manual/4017] environment cleaning of unsecvars by setuid/gid programs not documented aj at suse dot de
2012-05-06 12:29 ` bugdal at aerifal dot cx
2012-05-07 0:11 ` ppluzhnikov at google dot com
2015-01-29 13:38 ` fweimer at redhat dot com
2007-02-09 16:43 [Bug libc/4017] New: " jrodman at sources-bugzilla dot spamportal dot net
2007-02-09 19:11 ` [Bug manual/4017] " drepper at redhat dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).