Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 11 Jul 2012 16:12:09 +0200
From: yersinia <yersinia.spiros@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: libdbus hardening

Dunno if OT.

But exists in other linux libc implementation similar more secure
alternatives to getenv ?

Thanks

2012/7/11, Solar Designer <solar@...nwall.com>:
> On Wed, Jul 11, 2012 at 11:05:03AM +0200, Sebastian Krahmer wrote:
>> Ok. We are not in a hurry. I added the new patch to
>>
>> https://bugzilla.novell.com/show_bug.cgi?id=697105
>>
>> using __secure_getenv().
>
> You could want to add a #warning after the #else (when __secure_getenv
> is not detected by the configure script), although I'd prefer these
> things to be fail-close (build failing if __secure_getenv is expected to
> be present, but is not detected).  This is an issue with
> security-related autoconf checks in general.
>
> Alexander
>

-- 
Inviato dal mio dispositivo mobile

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.