[openssl-dev] [openssl.org #2532] [PATCH] Fix insufficient privilege checking
Rich Salz via RT
rt at openssl.org
Thu Feb 4 20:37:39 UTC 2016
This is interesting, although unfortunately it's been years since we looked at
it and it is out of date.
Rather than replacing all the getenv() calls, a simple wrapper like
OPENSSL_safe_getenv() that includes the issetguid test seems a lot cleaner. And
the config changes needed to be ported up to master.
If anyone does that and makes a PR on github, we'll review it. Closing this for
now.
--
Rich Salz, OpenSSL dev team; rsalz at openssl.org
-------------------------------------------------------------------------
http://rt.openssl.org/Ticket/Display.html?id=2532
Please log in as guest with password guest if prompted
More information about the openssl-dev
mailing list