Subject: Re: glibc env. vars. (again) (fwd)
From: Chris Evans (chrisferret.lmh.ox.ac.uk)
Date: Wed May 24 2000 - 16:34:58 CDT


> That's a glibc security hole period

I think it's safe -
^^^^^^^^^^^^^^^^^

Of course when I said "safe", I mean in the context of the
write(2,...) case. MALLOC_CHECK_ should still be wrapped in
secure_getenv. Otherwise with MALLOC_CHECK_=2, users can essentially
abort() suid programs upon minor memory mismanagement.

Cheers
Chris
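
The gating described in the message above, as an added C example that is not part of the original post and is not glibc's source. The `creds` struct and the functions `is_privileged`, `level_from_value` and `malloc_check_level` are hypothetical names, and the accepted 0 to 3 range is an assumption of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical container so the policy can be tested without a setuid binary. */
struct creds { uid_t ruid, euid; gid_t rgid, egid; };

/* Privileged (suid/sgid) when real and effective ids differ. */
int is_privileged(const struct creds *c)
{
    return c->ruid != c->euid || c->rgid != c->egid;
}

/* Decide the checking level from the raw MALLOC_CHECK_ value.
 * Privileged context: ignore the variable entirely (level 0).
 * Accepted range 0..3 is an assumption of this example. */
int level_from_value(const char *raw, const struct creds *c)
{
    char *end;
    long n;

    if (is_privileged(c) || raw == NULL || *raw == '\0')
        return 0;
    n = strtol(raw, &end, 10);
    if (*end != '\0' || n < 0 || n > 3)
        return 0;               /* malformed input never enables checks */
    return (int)n;
}

/* What an allocator's start-up code would call. */
int malloc_check_level(void)
{
    struct creds c = { getuid(), geteuid(), getgid(), getegid() };
    return level_from_value(getenv("MALLOC_CHECK_"), &c);
}

int main(void)
{
    printf("effective MALLOC_CHECK_ level: %d\n", malloc_check_level());
    return 0;
}
```

Current glibc exposes this gate as `secure_getenv()`, which returns NULL when the process runs in secure-execution mode.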