Limiting environment use for setuid/setgid programs only?

bug-ncurses

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Limiting environment use for setuid/setgid programs only?

From:	Sven Joachim
Subject:	Limiting environment use for setuid/setgid programs only?
Date:	Sat, 15 Apr 2023 10:29:38 +0200
User-agent:	Gnus/5.13 (Gnus v5.13)

The ramifications of CVE-2023-29491 can be limited by configuring
ncurses with --disable-root-environ.  However, this disables all use of
the ncurses environment variables by the superuser which has the
potential to break scripts and makefiles.

Would it be possible to add a new option that only limits environment
use for setuid/setgid programs, like the --disable-root-access behavior?

Cheers,
       Sven

[Prev in Thread]

Current Thread

[Next in Thread]

Limiting environment use for setuid/setgid programs only?, Sven Joachim <=
- Re: Limiting environment use for setuid/setgid programs only?, Thomas Dickey, 2023/04/15
  - Re: Limiting environment use for setuid/setgid programs only?, Thomas Dickey, 2023/04/15
    - Re: Limiting environment use for setuid/setgid programs only?, Thomas Dickey, 2023/04/15
- Re: Limiting environment use for setuid/setgid programs only?, Thomas Dickey, 2023/04/17
  - Re: Limiting environment use for setuid/setgid programs only?, Sven Joachim, 2023/04/19

Prev by Date: configure option --disable-root-access does not work
Next by Date: Re: Limiting environment use for setuid/setgid programs only?
Previous by thread: configure option --disable-root-access does not work
Next by thread: Re: Limiting environment use for setuid/setgid programs only?
Index(es):
- Date
- Thread