List:       oss-security
Subject:    Re: [oss-security] xscreensaver package caps gets raw socket
From:       Alan Coopersmith <alan.coopersmith () oracle ! com>
Date:       2021-04-18 17:29:56
Message-ID: bc3a6689-bbcd-612f-e9f8-e94543cf39fa () oracle ! com

On 4/17/21 5:51 PM, Érico Nogueira wrote:
> Using `secure_getenv` in some of these cases would probably work as well as 
> checking `getauxval(AT_SECURE)`, especially because it seems (from my quick 
> search over at <https://man.bsd.lv>) that both are Linux specific anyway.

Solaris also has secure_getenv since the 11.3.10 release.  It uses the
issetugid() call that's been available since Solaris 9 (2002) and which
is also available in FreeBSD & OpenBSD:

https://man.openbsd.org/issetugid.2
https://www.freebsd.org/cgi/man.cgi?query=issetugid&sektion=2
https://docs.oracle.com/cd/E88353_01/html/E37841/issetugid-2.html

Though Nico Williams warns not all implementations work the same way:
https://gist.github.com/nicowilliams/4daf74a3a0c86848d3cbd9d0cdb5e26e

-- 
	-Alan Coopersmith-               alan.coopersmith@oracle.com
	 Oracle Solaris Engineering - https://blogs.oracle.com/alanc
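
Added example, not part of the message above and not xscreensaver's code: one way to wrap the interfaces named in the thread (`issetugid()` on the BSDs and Solaris, `getauxval(AT_SECURE)` on Linux) behind a single check, so environment variables are ignored when the process runs with elevated privilege. The names `process_is_privileged`, `getenv_unless` and `safe_getenv` are hypothetical, and the real/effective ID comparison is an assumed last-resort fallback.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#if defined(__linux__)
#include <sys/auxv.h>   /* getauxval(), AT_SECURE */
#endif

/* Fallback only: compares real and effective IDs. It cannot see file
 * capabilities or IDs that were equalised after exec. */
static int ids_differ(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Returns 1 if the environment must not be trusted, 0 otherwise. */
int process_is_privileged(void)
{
#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__sun)
    return issetugid() != 0;
#elif defined(__linux__)
    unsigned long secure;
    errno = 0;
    secure = getauxval(AT_SECURE);
    if (secure == 0 && errno == ENOENT)  /* entry missing from auxv */
        return ids_differ();
    return secure != 0;                  /* set for setuid/setgid and capability gains */
#else
    return ids_differ();
#endif
}

/* Hypothetical helper: getenv() gated on an explicit privilege flag. */
const char *getenv_unless(const char *name, int privileged)
{
    return privileged ? NULL : getenv(name);
}

/* Behaves like secure_getenv(): NULL when running privileged. */
const char *safe_getenv(const char *name)
{
    return getenv_unless(name, process_is_privileged());
}

int main(void)
{
    const char *d = safe_getenv("DISPLAY");
    printf("privileged=%d DISPLAY=%s\n", process_is_privileged(),
           d ? d : "(ignored or unset)");
    return 0;
}
```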