This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH] Define secure_getenv (v3)


On 07/24/2012 02:48 AM, Carlos O'Donell wrote:

> This third version looks good to me. You are almost done. Lastly you need to write
> a NEWS entry that will go into the NEWS file and show up in the official release
> announcement when we roll out 2.17. As an example see the entry for the addition
> of getauxval.

What about the attached change?

> I'm sorry that your patch has gotten so much bigger, but that's the nature of
> pulling on loose strings. I hope that the process hasn't been too burdensome, and
> that we've provided you with enough feedback to keep it moving.

I learned quite a bit during this and almost forgot about the hidden costs of this change. I still have the lingering feeling that it will hurt us in the mid-term. 8-/


--
Florian Weimer / Red Hat Product Security Team


diff --git a/NEWS b/NEWS
index 416bf89..d6c9822 100644
--- a/NEWS
+++ b/NEWS
@@ -17,6 +17,10 @@ Version 2.17
   zEnterprise z196.
   Implemented by Andreas Krebbel.
 
+* The new function secure_getenv allows secure access to the environment,
+  returning NULL if running in a SUID/SGID process.  This function replaces
+  the internal function __secure_getenv.
+
 
 Version 2.16
 
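Review bot: The new NEWS entry (the `+` lines under Version 2.17) documents only the NULL case. It should also say what secure_getenv returns when the process is not SUID/SGID, for example by adding "and otherwise behaving like getenv", so readers do not have to infer that from "allows secure access to the environment". The last sentence says the function replaces the internal __secure_getenv but not whether existing callers of __secure_getenv keep working; a short clause on that would help anyone who already depends on the old name.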
