[16291] in Kerberos-V5-bugs
[krbdev.mit.edu #8800] git commit
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Tue Apr 30 18:09:29 2019
Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: Greg Hudson via RT <rt-comment@KRBDEV-PROD-APP-1.mit.edu>
In-Reply-To: <rt-8800@krbdev.mit.edu>
Message-ID: <rt-8800-49402.7.6128916124096@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #8800'":;
Date: Tue, 30 Apr 2019 18:09:15 -0400
MIME-Version: 1.0
Reply-To: rt-comment@KRBDEV-PROD-APP-1.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
Add secure_getenv() support
On systems with secure_getenv() (glibc 2.17+) use it directly. For
the fallback implementation, check the current process uids and gids
in a library initializer, looking at the saved uid and gid where
possible. Include a comment about more aggressive approaches to
detecting elevated privilege.
https://github.com/krb5/krb5/commit/ff71934f40afd4ae536638fa626fcd9ab36daf75
Author: Greg Hudson <ghudson@mit.edu>
Commit: ff71934f40afd4ae536638fa626fcd9ab36daf75
Branch: master
src/configure.ac | 16 +++++-
src/include/k5-platform.h | 9 +++
src/util/support/Makefile.in | 16 ++++--
src/util/support/secure_getenv.c | 111 ++++++++++++++++++++++++++++++++++++++
4 files changed, 146 insertions(+), 6 deletions(-)
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
