Re: _nc_env_access also denies non-root users from reading env vars

bug-ncurses

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: _nc_env_access also denies non-root users from reading env vars

From:	Arnavion
Subject:	Re: _nc_env_access also denies non-root users from reading env vars
Date:	Sun, 29 Aug 2021 02:36:23 -0700

On Sat, Aug 28, 2021 at 12:33 AM Arnavion <me@arnavion.dev> wrote:
> That is, it should've been:
>
> +    } else if ((getuid() == ROOT_UID) || (geteuid() == ROOT_UID)) {
> +       result = FALSE;
> +    }
>

Thomas, I see patch 20210828 has:

-    } else if ((getuid() != ROOT_UID) && (geteuid() != ROOT_UID)) {
+    } else if ((getuid() == ROOT_UID) && (geteuid() == ROOT_UID)) {
        result = FALSE;

Did you mean to have that be && and not || ? The code before 20210626
would've disallowed suid binaries from reading the env vars.
The code after 20210828 will allow them.

Thanks,
Arnav Singh

[Prev in Thread]

Current Thread

[Next in Thread]

_nc_env_access also denies non-root users from reading env vars, Arnavion, 2021/08/28
- Re: _nc_env_access also denies non-root users from reading env vars, Arnavion <=
  - Re: _nc_env_access also denies non-root users from reading env vars, Thomas Dickey, 2021/08/29

Prev by Date: ANN: ncurses-6.2-20210828
Next by Date: Re: _nc_env_access also denies non-root users from reading env vars
Previous by thread: _nc_env_access also denies non-root users from reading env vars
Next by thread: Re: _nc_env_access also denies non-root users from reading env vars
Index(es):
- Date
- Thread