mirror of
https://git.yoctoproject.org/meta-security
synced 2026-05-07 04:58:47 +00:00
Jackie Huang
1c3afde094
libgssglue exports a gssapi interface which calls other gssapi libraries. Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
44 lines
1.2 KiB
Diff
44 lines
1.2 KiB
Diff
Use secure_getenv instead of getenv for setuid programs
|
|
|
|
(bnc#694598 CVE-2011-2709 bnc#831805)
|
|
|
|
import from:
|
|
https://build.opensuse.org/package/view_file/openSUSE:Factory/libgssglue/secure-getenv.patch
|
|
|
|
Upstream-Status: Pending
|
|
|
|
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
|
|
|
|
diff --git a/src/g_initialize.c b/src/g_initialize.c
|
|
index 200f173..935a9fa 100644
|
|
--- a/src/g_initialize.c
|
|
+++ b/src/g_initialize.c
|
|
@@ -26,6 +26,7 @@
|
|
* This function will initialize the gssapi mechglue library
|
|
*/
|
|
|
|
+#define _GNU_SOURCE
|
|
#include "mglueP.h"
|
|
#include <stdlib.h>
|
|
|
|
@@ -197,8 +198,7 @@ static void solaris_initialize ()
|
|
void *dl;
|
|
gss_mechanism (*sym)(void), mech;
|
|
|
|
- if ((getuid() != geteuid()) ||
|
|
- ((filename = getenv("GSSAPI_MECH_CONF")) == NULL))
|
|
+ if ((filename = secure_getenv("GSSAPI_MECH_CONF")) == NULL)
|
|
filename = MECH_CONF;
|
|
|
|
if ((conffile = fopen(filename, "r")) == NULL) {
|
|
@@ -274,8 +274,7 @@ static void linux_initialize ()
|
|
void *dl;
|
|
gss_mechanism (*sym)(void), mech;
|
|
|
|
- if ((getuid() != geteuid()) ||
|
|
- ((filename = getenv("GSSAPI_MECH_CONF")) == NULL))
|
|
+ if ((filename = secure_getenv("GSSAPI_MECH_CONF")) == NULL)
|
|
filename = MECH_CONF;
|
|
|
|
if ((conffile = fopen(filename, "r")) == NULL) {
|