Re: _nc_env_access also denies non-root users from reading env vars

bug-ncurses

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: _nc_env_access also denies non-root users from reading env vars

From:	Thomas Dickey
Subject:	Re: _nc_env_access also denies non-root users from reading env vars
Date:	Sun, 29 Aug 2021 06:31:20 -0400 (EDT)

----- Original Message -----
| From: "Arnavion" <me@arnavion.dev>
| To: "Ncurses Mailing List" <bug-ncurses@gnu.org>
| Sent: Sunday, August 29, 2021 5:36:23 AM
| Subject: Re: _nc_env_access also denies non-root users from reading env vars

| On Sat, Aug 28, 2021 at 12:33 AM Arnavion <me@arnavion.dev> wrote:
|> That is, it should've been:
|>
|> +    } else if ((getuid() == ROOT_UID) || (geteuid() == ROOT_UID)) {
|> +       result = FALSE;
|> +    }
|>
| 
| Thomas, I see patch 20210828 has:
| 
| -    } else if ((getuid() != ROOT_UID) && (geteuid() != ROOT_UID)) {
| +    } else if ((getuid() == ROOT_UID) && (geteuid() == ROOT_UID)) {
|        result = FALSE;
| 
| Did you mean to have that be && and not || ? The code before 20210626
| would've disallowed suid binaries from reading the env vars.
| The code after 20210828 will allow them.

probably :-(

I got to this late, and had to leave early

-- 
Thomas E. Dickey <dickey@invisible-island.net>
http://invisible-island.net
ftp://ftp.invisible-island.net

[Prev in Thread]

Current Thread

[Next in Thread]

_nc_env_access also denies non-root users from reading env vars, Arnavion, 2021/08/28
- Re: _nc_env_access also denies non-root users from reading env vars, Arnavion, 2021/08/29
  - Re: _nc_env_access also denies non-root users from reading env vars, Thomas Dickey <=

Prev by Date: Re: _nc_env_access also denies non-root users from reading env vars
Next by Date: request for channel for bug report
Previous by thread: Re: _nc_env_access also denies non-root users from reading env vars
Next by thread: ANN: ncurses-6.2-20210828
Index(es):
- Date
- Thread