[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Limiting environment use for setuid/setgid programs only?
From: |
Sven Joachim |
Subject: |
Limiting environment use for setuid/setgid programs only? |
Date: |
Sat, 15 Apr 2023 10:29:38 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) |
The ramifications of CVE-2023-29491 can be limited by configuring
ncurses with --disable-root-environ. However, this disables all use of
the ncurses environment variables by the superuser which has the
potential to break scripts and makefiles.
Would it be possible to add a new option that only limits environment
use for setuid/setgid programs, like the --disable-root-access behavior?
Cheers,
Sven
- Limiting environment use for setuid/setgid programs only?,
Sven Joachim <=