NetBSD-Bugs archive
Re: bin/38327: uu{en,de}code - any reason to use non-portable [sg]etprogname?
The following reply was made to PR bin/38327; it has been noted by GNATS.
From: David Holland <dholland-bugs%netbsd.org@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost, cheusov%tut.by@localhost
Subject: Re: bin/38327: uu{en,de}code - any reason to use non-portable [sg]etprogname?
Date: Sat, 29 Mar 2008 16:49:02 +0000

On Sat, Mar 29, 2008 at 03:55:02PM +0000, Aleksey Cheusov wrote:
> Not a discussion :) Just a note.
> Using setprogname(argv [0]) may be dangerous for SUID programs.
> Invalid argv [0] may be passed through execv(2).

More to the point, using getprogname() may be dangerous in setugid
programs. The information comes from argv[0] in any event. Have you
found any problematic uses?

(It is roughly similar to how using getenv() may be dangerous in
setugid programs.)

--
David A. Holland
dholland%netbsd.org@localhost
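
Added example, not part of the original message and not NetBSD code: one way a setugid program can treat argv[0] as untrusted input before using it as a program name in diagnostics. The helper `safe_progname`, the fallback name and the length limit are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FALLBACK_NAME "uudecode"  /* assumption: compiled-in name */
#define MAX_NAME_LEN  32          /* assumption: arbitrary sane limit */

/*
 * Hypothetical helper. argv0 is chosen by whoever called execv(2), so it
 * may be NULL, empty, overlong, or contain bytes that do not belong in a
 * diagnostic. Return the basename only if it is a short run of
 * [A-Za-z0-9_.-]; otherwise return the compiled-in name.
 */
const char *safe_progname(const char *argv0)
{
    const char *base, *p;
    size_t len;

    if (argv0 == NULL || *argv0 == '\0')
        return FALLBACK_NAME;

    /* Keep only the last path component. */
    base = strrchr(argv0, '/');
    base = (base != NULL) ? base + 1 : argv0;

    len = strlen(base);
    if (len == 0 || len > MAX_NAME_LEN)
        return FALLBACK_NAME;

    for (p = base; *p != '\0'; p++) {
        unsigned char c = (unsigned char)*p;
        if (!isalnum(c) && c != '_' && c != '-' && c != '.')
            return FALLBACK_NAME;
    }
    return base;
}

int main(int argc, char **argv)
{
    /* argc may be 0, in which case argv[0] is NULL; the helper copes. */
    (void)argc;
    fprintf(stderr, "usage: %s [file]\n", safe_progname(argv[0]));
    return 0;
}
```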