|
Message-ID: <CAH5b-BXJwgK-3snZyGc=cUrTxstwsBsLTstZzeDQ5DesKPh-DA@mail.gmail.com> Date: Wed, 11 Jul 2012 16:12:09 +0200 From: yersinia <yersinia.spiros@...il.com> To: oss-security@...ts.openwall.com Subject: Re: libdbus hardening Dunno if OT. But exists in other linux libc implementation similar more secure alternatives to getenv ? Thanks 2012/7/11, Solar Designer <solar@...nwall.com>: > On Wed, Jul 11, 2012 at 11:05:03AM +0200, Sebastian Krahmer wrote: >> Ok. We are not in a hurry. I added the new patch to >> >> https://bugzilla.novell.com/show_bug.cgi?id=697105 >> >> using __secure_getenv(). > > You could want to add a #warning after the #else (when __secure_getenv > is not detected by the configure script), although I'd prefer these > things to be fail-close (build failing if __secure_getenv is expected to > be present, but is not detected). This is an issue with > security-related autoconf checks in general. > > Alexander > -- Inviato dal mio dispositivo mobile
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.