[krbdev.mit.edu #8566] krb5_init_context() should detect set-uid-ness

[krbdev.mit.edu #8566] krb5_init_context() should detect set-uid-ness

Greg Hudson via RT
I am a bit concerned that using the broken issetugid() on FreeBSD (and
NetBSD, if it's also broken there) could break legitimate uses of
Kerberos environment variables with httpd.  Of course we can address
that, at least partially, by limiting our use of issetugid() to
platforms where it is known not to be broken.
_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs

Re: [krbdev.mit.edu #8566] krb5_init_context() should detect set-uid-ness

Greg Hudson via RT
https://github.com/heimdal/heimdal/pull/270

Adds more intelligence to issuid():

 - if AT_EXECPATH/AT_EXECFN/AT_SUN_EXECNAME is set, it will stat() that
   to see if that file is set-uid/set-gid

 - it will more intelligently detect getauxval() implementations that do
   not set errno = ENOENT when the type is not found and will try
   reading /proc/self/auxv if it is available

 - it will use getresuid() and getregid() if available as part of the
   last ditch effort (that now should only apply to non-ELF programs)

 - it will memoize its results to avoid doing slow things repeatedly
