[Bug libstdc++/65018] Use secure_getenv when available
jakub at gcc dot gnu.org
gcc-bugzilla@gcc.gnu.org
Wed Feb 11 12:26:00 GMT 2015
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65018
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jakub at gcc dot gnu.org
--- Comment #1 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
I think LC_ALL/LANG/ and the other LC_* vars are ok as is, at least glibc
normally doesn't consider them as unsecvars. But e.g. LOCPATH is considered
problematic for suid/sgid. Locales and translations should be picked up by
default from directories normal users don't have access to, and localization of
suid/sgid is desirable. The main problem is if some env var lets e.g. the
program write some file, or significantly change behavior from the behavior
that has been tested, etc.
More information about the Gcc-bugs
mailing list