
[MiNT] getenv() and security



Hi,

the GNU libc disables most library-internal usage of the environment if a
process was started with the suid/sgid bit set on, when real and effective
user/group id differ.  Does anybody know what is unsafe for suid programs
to do, for example, getenv ("HOME") or getenv ("TMPDIR")?

I wonder if the underlying problem applies at all to MiNT and if the
MiNTLib should behave accordingly or not.  Furthermore, I think that
whatever the security problem with getenv() is, that the library should
return to normal behavior when the process changes persona again to an
ordinary lemmings user, shouldn't it?  But that would pose problems for
multi-threaded applications if (like in the GNU libc) a global flag is
used.  A cleaner solution would then be to accept the overhead and call
Pgete[gu]id/Pget[gu]id whenever an environment variable is requested to
check whether these security restrictions are still applicable or not.

Any ideas?

Ciao

Guido
-- 
http://stud.uni-sb.de/~gufl0000
mailto:gufl0000@stud.uni-sb.de
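
Added example, not part of the original post and not code from MiNTLib or the GNU libc: a sketch of the per-call check the message proposes, where the ids are compared on every lookup instead of caching a global flag at startup. The POSIX getuid()/geteuid()/getgid()/getegid() calls are assumed stand-ins for Pget[gu]id/Pgete[gu]id, and the names persona, persona_is_elevated, getenv_for_persona and checked_getenv are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Snapshot of the four ids the post proposes to query on every lookup. */
struct persona {
    uid_t ruid, euid;
    gid_t rgid, egid;
};

/* Assumption: POSIX calls stand in for MiNT's Pget[gu]id/Pgete[gu]id. */
static struct persona current_persona(void)
{
    struct persona p = { getuid(), geteuid(), getgid(), getegid() };
    return p;
}

/* Nonzero when real and effective ids differ (the suid/sgid case). */
static int persona_is_elevated(const struct persona *p)
{
    return p->ruid != p->euid || p->rgid != p->egid;
}

/* Hypothetical helper: decide for an explicitly given persona. */
static const char *getenv_for_persona(const struct persona *p, const char *name)
{
    if (persona_is_elevated(p))
        return NULL;   /* caller falls back to a built-in default */
    return getenv(name);
}

/* Hypothetical wrapper for library-internal lookups.  Nothing is cached,
 * so the answer follows the process when it changes persona again. */
static const char *checked_getenv(const char *name)
{
    struct persona p = current_persona();
    return getenv_for_persona(&p, name);
}

int main(void)
{
    const char *tmp = checked_getenv("TMPDIR");
    printf("TMPDIR for library use: %s\n", tmp ? tmp : "/tmp (built-in default)");
    return 0;
}
```

The cost is the one the message names: four id queries per lookup, in exchange for having no shared flag that can go stale.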