Bug#368297: About the libgcrypt and OpenLDAP issue

Werner Koch wk at gnupg.org
Sat Apr 20 00:04:12 UTC 2013


On Sat, 20 Apr 2013 01:35, clopez at igalia.com said:

> I think it would be a good idea to add this feature to libgcrypt.

See attached patch against master.  It is not tested, though.  You may
backport it to 1.5 and use it like this:

#if GCRYPT_VERSION_NUMBER > 0x010502
    gcry_control (GCRYCTL_DISABLE_PRIV_DROP, 0);
#endif /* libgcrypt > 1.5.2 */

> However, I don't think that it would help us with this specific Debian
> bug because it would be implemented as an optional feature.

I can't understand what you want to say.

> And the suid application (sudo/su/passwd/...) can't know anything about
> libgcrypt, so it can't set this flag or any other libgcrypt flag.

The application (sudo, su, passwd) needs to set this flag!  No library is
able to know what the application wants.  Optionally you may put
wrappers in the mentioned libraries, but that makes things more
complicated and fragile.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-control-commands-to-disable-mlock-and-setuid-dro.patch
Type: text/x-diff
Size: 7208 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnutls-maint/attachments/20130420/8164b307/attachment-0001.patch>

