diff options
| author | deraadt <> | 2015-04-11 16:16:15 +0000 |
|---|---|---|
| committer | deraadt <> | 2015-04-11 16:16:15 +0000 |
| commit | 0f4348bfcce7ca22317af7acf3b98ba84ad07eaa (patch) | |
| tree | 4cf4654b69cedb1946aed375cd29d1ff7cc53a6c /src/lib | |
| parent | 3f6d0024da68bdf5d0f128537ac3ed536e6e6a6c (diff) | |
| download | openbsd-0f4348bfcce7ca22317af7acf3b98ba84ad07eaa.tar.gz openbsd-0f4348bfcce7ca22317af7acf3b98ba84ad07eaa.tar.bz2 openbsd-0f4348bfcce7ca22317af7acf3b98ba84ad07eaa.zip | |
Send OPENSSL_issetugid() straight to hell, no final cigarette.
The issetugid() API is supposed to make a strong promise where "0
means it is safe to look at the environment". Way back in the past
someone on the OpenSSL team responded to the environment access danger
by creating a wrapper called OPENSSL_issetugid, and went to use it a
number of places. However, by default on systems lacking true
issetugid(), OPENSSL_issetugid returns 0. 0 indicating safely. False
safety. Which means OPENSSL_issetugid() fails to make any sort of
promise about safety, in fact it is just the opposite.
Can you believe the OpenSSL team?
This nastiness was noticed over the years, however noone could gain traction
and get it fixed in OpenSSL. Also see a paragraph about this in
http://www.tedunangst.com/flak/post/worst-common-denominator-programming
ok jsing
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libcrypto/crypto.h | 4 | ||||
| -rw-r--r-- | src/lib/libcrypto/crypto/Makefile | 4 | ||||
| -rw-r--r-- | src/lib/libcrypto/crypto/shlib_version | 2 | ||||
| -rw-r--r-- | src/lib/libcrypto/shlib_version | 2 | ||||
| -rw-r--r-- | src/lib/libcrypto/uid.c | 12 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/crypto.h | 4 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/uid.c | 12 |
7 files changed, 6 insertions, 34 deletions
diff --git a/src/lib/libcrypto/crypto.h b/src/lib/libcrypto/crypto.h index 27b7f3fe02..4012f1c99a 100644 --- a/src/lib/libcrypto/crypto.h +++ b/src/lib/libcrypto/crypto.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: crypto.h,v 1.33 2015/02/07 13:19:15 doug Exp $ */ | 1 | /* $OpenBSD: crypto.h,v 1.34 2015/04/11 16:16:15 deraadt Exp $ */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| @@ -348,8 +348,6 @@ int CRYPTO_is_mem_check_on(void); | |||
| 348 | const char *SSLeay_version(int type); | 348 | const char *SSLeay_version(int type); |
| 349 | unsigned long SSLeay(void); | 349 | unsigned long SSLeay(void); |
| 350 | 350 | ||
| 351 | int OPENSSL_issetugid(void); | ||
| 352 | |||
| 353 | /* An opaque type representing an implementation of "ex_data" support */ | 351 | /* An opaque type representing an implementation of "ex_data" support */ |
| 354 | typedef struct st_CRYPTO_EX_DATA_IMPL CRYPTO_EX_DATA_IMPL; | 352 | typedef struct st_CRYPTO_EX_DATA_IMPL CRYPTO_EX_DATA_IMPL; |
| 355 | /* Return an opaque pointer to the current "ex_data" implementation */ | 353 | /* Return an opaque pointer to the current "ex_data" implementation */ |
diff --git a/src/lib/libcrypto/crypto/Makefile b/src/lib/libcrypto/crypto/Makefile index 4e8f489c2d..a4e65fd6a6 100644 --- a/src/lib/libcrypto/crypto/Makefile +++ b/src/lib/libcrypto/crypto/Makefile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.56 2015/02/10 13:28:17 jsing Exp $ | 1 | # $OpenBSD: Makefile,v 1.57 2015/04/11 16:16:15 deraadt Exp $ |
| 2 | 2 | ||
| 3 | LIB= crypto | 3 | LIB= crypto |
| 4 | 4 | ||
| @@ -27,7 +27,7 @@ CFLAGS+= -I${LCRYPTO_SRC}/modes -I${LCRYPTO_SRC}/asn1 -I${LCRYPTO_SRC}/evp | |||
| 27 | 27 | ||
| 28 | # crypto/ | 28 | # crypto/ |
| 29 | SRCS+= cryptlib.c malloc-wrapper.c mem_dbg.c cversion.c ex_data.c cpt_err.c | 29 | SRCS+= cryptlib.c malloc-wrapper.c mem_dbg.c cversion.c ex_data.c cpt_err.c |
| 30 | SRCS+= uid.c o_time.c o_str.c o_init.c | 30 | SRCS+= o_time.c o_str.c o_init.c |
| 31 | SRCS+= mem_clr.c | 31 | SRCS+= mem_clr.c |
| 32 | 32 | ||
| 33 | # aes/ | 33 | # aes/ |
diff --git a/src/lib/libcrypto/crypto/shlib_version b/src/lib/libcrypto/crypto/shlib_version index 2e4d25cdf5..ed8f7473b5 100644 --- a/src/lib/libcrypto/crypto/shlib_version +++ b/src/lib/libcrypto/crypto/shlib_version | |||
| @@ -1,2 +1,2 @@ | |||
| 1 | major=32 | 1 | major=33 |
| 2 | minor=0 | 2 | minor=0 |
diff --git a/src/lib/libcrypto/shlib_version b/src/lib/libcrypto/shlib_version index 2e4d25cdf5..ed8f7473b5 100644 --- a/src/lib/libcrypto/shlib_version +++ b/src/lib/libcrypto/shlib_version | |||
| @@ -1,2 +1,2 @@ | |||
| 1 | major=32 | 1 | major=33 |
| 2 | minor=0 | 2 | minor=0 |
diff --git a/src/lib/libcrypto/uid.c b/src/lib/libcrypto/uid.c deleted file mode 100644 index c1bd92756b..0000000000 --- a/src/lib/libcrypto/uid.c +++ /dev/null | |||
| @@ -1,12 +0,0 @@ | |||
| 1 | /* $OpenBSD: uid.c,v 1.8 2014/06/12 15:49:27 deraadt Exp $ */ | ||
| 2 | /* | ||
| 3 | * Written by Theo de Raadt. Public domain. | ||
| 4 | */ | ||
| 5 | |||
| 6 | #include <unistd.h> | ||
| 7 | |||
| 8 | int | ||
| 9 | OPENSSL_issetugid(void) | ||
| 10 | { | ||
| 11 | return issetugid(); | ||
| 12 | } | ||
diff --git a/src/lib/libssl/src/crypto/crypto.h b/src/lib/libssl/src/crypto/crypto.h index 27b7f3fe02..4012f1c99a 100644 --- a/src/lib/libssl/src/crypto/crypto.h +++ b/src/lib/libssl/src/crypto/crypto.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: crypto.h,v 1.33 2015/02/07 13:19:15 doug Exp $ */ | 1 | /* $OpenBSD: crypto.h,v 1.34 2015/04/11 16:16:15 deraadt Exp $ */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| @@ -348,8 +348,6 @@ int CRYPTO_is_mem_check_on(void); | |||
| 348 | const char *SSLeay_version(int type); | 348 | const char *SSLeay_version(int type); |
| 349 | unsigned long SSLeay(void); | 349 | unsigned long SSLeay(void); |
| 350 | 350 | ||
| 351 | int OPENSSL_issetugid(void); | ||
| 352 | |||
| 353 | /* An opaque type representing an implementation of "ex_data" support */ | 351 | /* An opaque type representing an implementation of "ex_data" support */ |
| 354 | typedef struct st_CRYPTO_EX_DATA_IMPL CRYPTO_EX_DATA_IMPL; | 352 | typedef struct st_CRYPTO_EX_DATA_IMPL CRYPTO_EX_DATA_IMPL; |
| 355 | /* Return an opaque pointer to the current "ex_data" implementation */ | 353 | /* Return an opaque pointer to the current "ex_data" implementation */ |
diff --git a/src/lib/libssl/src/crypto/uid.c b/src/lib/libssl/src/crypto/uid.c deleted file mode 100644 index c1bd92756b..0000000000 --- a/src/lib/libssl/src/crypto/uid.c +++ /dev/null | |||
| @@ -1,12 +0,0 @@ | |||
| 1 | /* $OpenBSD: uid.c,v 1.8 2014/06/12 15:49:27 deraadt Exp $ */ | ||
| 2 | /* | ||
| 3 | * Written by Theo de Raadt. Public domain. | ||
| 4 | */ | ||
| 5 | |||
| 6 | #include <unistd.h> | ||
| 7 | |||
| 8 | int | ||
| 9 | OPENSSL_issetugid(void) | ||
| 10 | { | ||
| 11 | return issetugid(); | ||
| 12 | } | ||