Re: Limiting environment use for setuid/setgid programs only?
From: Thomas Dickey
Subject: Re: Limiting environment use for setuid/setgid programs only?
Date: Sat, 15 Apr 2023 07:47:45 -0400
On Sat, Apr 15, 2023 at 10:29:38AM +0200, Sven Joachim wrote:
> The ramifications of CVE-2023-29491 can be limited by configuring
> ncurses with --disable-root-environ. However, this disables all use of
> the ncurses environment variables by the superuser which has the
> potential to break scripts and makefiles.
>
> Would it be possible to add a new option that only limits environment
> use for setuid/setgid programs, like the --disable-root-access behavior?
Sure, I suppose so (perhaps not today)
--
Thomas E. Dickey <dickey@invisible-island.net>
https://invisible-island.net
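The distinction discussed in this thread, as an added example that is not part of the original messages and is not ncurses code: a policy check that contrasts refusing environment variables for the superuser with refusing them only when the process runs setuid/setgid. The enum, the function names and the exact rule used for the root policy are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical policy names for this example; not ncurses identifiers. */
enum env_policy {
    ENV_ALLOW_ALL,       /* no restriction */
    ENV_DENY_ROOT,       /* modelled on the thread's description of --disable-root-environ */
    ENV_DENY_SETID_ONLY  /* the behaviour requested in the thread */
};

/* A process runs setuid/setgid when its real and effective ids differ. */
static int is_setid(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Return 1 if library environment variables may be honoured, else 0. */
int env_allowed(enum env_policy policy,
                uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    switch (policy) {
    case ENV_ALLOW_ALL:
        return 1;
    case ENV_DENY_ROOT:
        /* Assumption: plain root is refused too, which is what can
         * break scripts and makefiles run by the superuser. */
        return !(ruid == 0 || euid == 0 || is_setid(ruid, euid, rgid, egid));
    case ENV_DENY_SETID_ONLY:
        /* Only a privilege boundary (caller-controlled environment,
         * elevated effective id) causes the variables to be ignored. */
        return !is_setid(ruid, euid, rgid, egid);
    }
    return 0; /* unknown policy: fail closed */
}

/* getenv() wrapper that applies the policy to the calling process. */
const char *policy_getenv(enum env_policy policy, const char *name)
{
    if (!env_allowed(policy, getuid(), geteuid(), getgid(), getegid()))
        return NULL;
    return getenv(name);
}

int main(void)
{
    const char *v = policy_getenv(ENV_DENY_SETID_ONLY, "TERMINFO");
    printf("TERMINFO: %s\n", v ? v : "(ignored or unset)");
    return 0;
}
```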