Re: [bug-gettext] intl: Proof against invalid offset/length
From: Daiki Ueno
Subject: Re: [bug-gettext] intl: Proof against invalid offset/length
Date: Sat, 21 Mar 2015 12:17:01 +0900
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4 (gnu/linux)

Florian Weimer <address@hidden> writes:
> The patch will use getauxval(AT_SECURE) or __libc_enable_secure (or
> issetugid on other systems, but which I cannot test). It is not going
> to be very portable.

I see (though I'm a bit confused that you removed the use of
__libc_enable_secure in CVE-2014-0475). Can't you use secure_getenv,
for which Gnulib provides a replacement, compare the result with
the normal getenv, and apply the pathname check if needed?

Regards,
--
Daiki Ueno
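
An added illustration of the suggestion in this message, not code from gettext, glibc or Gnulib: a variable that `getenv` returns but `secure_getenv` withholds means the process is in secure-execution mode, so only then is the value vetted. The names `path_is_safe`, `select_value`, `checked_getenv` and `EXAMPLE_DIR` are hypothetical, and the `..` rejection only stands in for the pathname check, which the message does not spell out.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Provided by glibc and by the Gnulib replacement; declared explicitly in
   case _GNU_SOURCE was not in effect when <stdlib.h> was first included. */
extern char *secure_getenv(const char *name);

/* Hypothetical stand-in for the pathname check: refuse any ".." component. */
static int path_is_safe(const char *p)
{
    while (*p) {
        size_t n = strcspn(p, "/");          /* length of this component */
        if (n == 2 && p[0] == '.' && p[1] == '.')
            return 0;
        p += n;
        if (*p == '/')
            p++;
    }
    return 1;
}

/* Decision logic, kept apart from the lookups so both modes can be tested.
   normal = result of getenv(), secure = result of secure_getenv(). */
static const char *select_value(const char *normal, const char *secure)
{
    if (normal == NULL)
        return NULL;            /* variable unset: nothing to vet */
    if (secure != NULL)
        return normal;          /* both lookups agree: ordinary execution */
    /* getenv sees it, secure_getenv hides it: secure-execution mode. */
    return path_is_safe(normal) ? normal : NULL;
}

static const char *checked_getenv(const char *name)
{
    return select_value(getenv(name), secure_getenv(name));
}

int main(void)
{
    const char *v = checked_getenv("EXAMPLE_DIR");
    printf("EXAMPLE_DIR -> %s\n", v ? v : "(unset or rejected)");
    return 0;
}
```

The comparison needs no separate mode probe: when the variable is unset both lookups return NULL and there is nothing to check.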