Bug#718285: p11-kit: issetugid() should be preferred over getauxval()
Petr Salinger
Petr.Salinger at seznam.cz
Mon Jul 29 16:49:10 UTC 2013
Package: p11-kit
Version: 0.18.5-1
Severity: serious
User: debian-bsd at lists.debian.org
Usertags: kfreebsd
Hi,
this is a follow-up to #717912.
While the libc header can be fixed, the use case in p11-kit is the wrong one.
Please try to convince upstream to prefer issetugid()
and use getauxval() only under Linux.
I expect that
https://bugs.freedesktop.org/show_bug.cgi?id=67451
has the same reason ...
Petr
-------------------------------------------------------------------------
> p11-kit 0.18.5 uses getauxval (AT_SECURE) to detect SUID or SGID execution.
> It checks at configure time for the function with
> AC_CHECK_FUNCS([getauxval], but not whether AT_SECURE works. If
> getauxval is missing a replacement will be used. The fact that
> getauxval(AT_SECURE) does not throw a compiler error on freebsd (as
> in: error: 'AT_SECURE' undeclared) makes writing a configure test
> unnecessarily complicated.
Blindly using getauxval() for detecting issetugid() is the wrong approach,
especially for security detection.
Please see man page:
RETURN VALUE
On success, getauxval() returns the value corresponding to type. If type
is not found, 0 is returned.
ERRORS
No errors are diagnosed.
There is no guarantee that, when AT_SECURE is defined,
it will also be supplied by the kernel.
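
The ordering requested in this report, as an added example that is not part of the original message and is not p11-kit's code: use issetugid() where the build found it, consult getauxval(AT_SECURE) only on Linux, and never read a 0 from it as proof of an unprivileged start. Assumptions: HAVE_ISSETUGID is the macro an AC_CHECK_FUNCS([issetugid]) test would define, and the names decide_setugid() and running_setugid() are hypothetical.

```c
#include <sys/types.h>
#include <unistd.h>
#if defined(__linux__)
#include <sys/auxv.h>
#endif

/*
 * Pure decision step (hypothetical helper).
 * A non-zero AT_SECURE is authoritative. A zero is ambiguous: getauxval()
 * returns 0 both for "entry present, value 0" and for "entry not supplied
 * by the kernel", so a zero is always cross-checked against the real and
 * effective IDs instead of being trusted on its own.
 */
static int decide_setugid(unsigned long at_secure,
                          uid_t uid, uid_t euid, gid_t gid, gid_t egid)
{
    if (at_secure != 0)
        return 1;
    return uid != euid || gid != egid;
}

/* Returns 1 if the process should be treated as SUID/SGID, else 0. */
int running_setugid(void)
{
#if defined(HAVE_ISSETUGID)
    /* Assumed configure result: the platform has issetugid() (the BSDs). */
    return issetugid() != 0;
#else
    unsigned long at_secure = 0;
#if defined(__linux__) && defined(AT_SECURE)
    /* Linux only: elsewhere AT_SECURE may compile yet never be supplied. */
    at_secure = getauxval(AT_SECURE);
#endif
    return decide_setugid(at_secure, getuid(), geteuid(),
                          getgid(), getegid());
#endif
}
```

The ID comparison is only a fallback: it cannot see a process that was started SUID and has since reset its IDs, which is the case issetugid() covers.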