Re: Limiting environment use for setuid/setgid programs only?

bug-ncurses

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Limiting environment use for setuid/setgid programs only?

From:	Thomas Dickey
Subject:	Re: Limiting environment use for setuid/setgid programs only?
Date:	Sat, 15 Apr 2023 07:47:45 -0400

On Sat, Apr 15, 2023 at 10:29:38AM +0200, Sven Joachim wrote:
> The ramifications of CVE-2023-29491 can be limited by configuring
> ncurses with --disable-root-environ.  However, this disables all use of
> the ncurses environment variables by the superuser which has the
> potential to break scripts and makefiles.
> 
> Would it be possible to add a new option that only limits environment
> use for setuid/setgid programs, like the --disable-root-access behavior?

Sure, I suppose so (perhaps not today)

-- 
Thomas E. Dickey <dickey@invisible-island.net>
https://invisible-island.net

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Limiting environment use for setuid/setgid programs only?, Sven Joachim, 2023/04/15
- Re: Limiting environment use for setuid/setgid programs only?, Thomas Dickey <=
  - Re: Limiting environment use for setuid/setgid programs only?, Thomas Dickey, 2023/04/15
    - Re: Limiting environment use for setuid/setgid programs only?, Thomas Dickey, 2023/04/15
- Re: Limiting environment use for setuid/setgid programs only?, Thomas Dickey, 2023/04/17
  - Re: Limiting environment use for setuid/setgid programs only?, Sven Joachim, 2023/04/19

Prev by Date: Limiting environment use for setuid/setgid programs only?
Next by Date: Re: configure option --disable-root-access does not work
Previous by thread: Limiting environment use for setuid/setgid programs only?
Next by thread: Re: Limiting environment use for setuid/setgid programs only?
Index(es):
- Date
- Thread