[openssl-dev] [openssl.org #2532] [PATCH] Fix insufficient privilege checking
Viktor Dukhovni
openssl-users at dukhovni.org
Thu Feb 4 20:50:27 UTC 2016
> On Feb 4, 2016, at 3:37 PM, Rich Salz via RT <rt at openssl.org> wrote:
>
> Rather than replacing all the getenv() calls, a simple wrapper like
> OPENSSL_safe_getenv() that includes the issetguid test seems a lot cleaner. And
> the config changes needed to be ported up to master.
Where available, this should use the native safe getenv() interface, rather
than just do issetugid() directly:
http://man7.org/linux/man-pages/man3/getenv.3.html
--
Viktor.
More information about the openssl-dev
mailing list