Tunables-related security regression
Joseph Myers
joseph@codesourcery.com
Mon Jan 23 22:32:00 GMT 2017
On Mon, 23 Jan 2017, Zack Weinberg wrote:
> (With http://austingroupbugs.net/view.php?id=188 in mind, what would
> you think of a `get_secure_child_environ()` extension, that returns an
> environment vector suitable for use as the third argument to `execve`,
> consisting of a _whitelisted_ subset of the process's environment?
> Assuming we can agree on what the whitelist should be. ... PATH may
> be a headache. The vector itself (not the strings it points to)
> should be malloced.)
I think something like that is reasonable (while remembering that the
requirements for such an API as an extension might be different from the
requirements for any such API added to POSIX in future, if the POSIX
version is supposed to give a POSIX-conforming environment).
--
Joseph S. Myers
joseph@codesourcery.com
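A sketch of the whitelisted-environment builder Zack proposes, as an added example that is not glibc's code or anything from the thread: the function name `filter_child_environ`, the constructed sample environment and the allow list are my assumptions, and PATH is left out of the sample list since the thread flags it as a headache. Only the vector is malloc'd; the entries still point at the caller's strings.

```c
#include <stdlib.h>
#include <string.h>

/* Return 1 if the entry "NAME=value" has exactly NAME as its name.
 * A look-alike such as "HOMEDIR=" must not match "HOME", and an entry
 * with no '=' at all is malformed and never matches. */
static int entry_has_name(const char *entry, const char *name)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL)
        return 0;
    size_t len = (size_t)(eq - entry);
    return strlen(name) == len && memcmp(entry, name, len) == 0;
}

/* Build a NULL-terminated vector holding only those entries of ENV whose
 * names appear in the NULL-terminated ALLOW list.  The vector is malloc'd;
 * the strings it points to are ENV's own.  If a name occurs more than once
 * in ENV, the first occurrence wins, so a later duplicate cannot shadow it.
 * Returns NULL on allocation failure. */
char **filter_child_environ(char *const *env, const char *const *allow)
{
    size_t n_allow = 0;
    while (allow[n_allow] != NULL)
        n_allow++;
    /* At most one entry per allowed name, plus the terminating NULL. */
    char **out = malloc((n_allow + 1) * sizeof *out);
    if (out == NULL)
        return NULL;
    size_t n_out = 0;
    for (size_t i = 0; i < n_allow; i++) {
        for (char *const *e = env; *e != NULL; e++) {
            if (entry_has_name(*e, allow[i])) {
                out[n_out++] = *e;
                break; /* first occurrence wins */
            }
        }
    }
    out[n_out] = NULL;
    return out;
}

/* Constructed sample (hypothetical values): a parent environment with a
 * loader-affecting variable, a look-alike name, a malformed entry and a
 * duplicate, none of which may reach the child. */
char *const sample_env[] = {
    "HOME=/home/alice", "LD_PRELOAD=/tmp/untrusted.so", "HOMEDIR=/nope",
    "LANG=C.UTF-8", "NOEQUALS", "HOME=/home/mallory", NULL
};
const char *const sample_allow[] = { "HOME", "LANG", "TZ", NULL };
```

The result for the sample is the two entries HOME and LANG, in allow-list order, followed by the NULL terminator; free() only the vector, never the strings.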