diff options
| author | tedu <> | 2014-07-11 09:24:03 +0000 |
|---|---|---|
| committer | tedu <> | 2014-07-11 09:24:03 +0000 |
| commit | 4b550e7e97a6068d5f18fbfc47b22d8b4faa4ff6 (patch) | |
| tree | 339b6811d9d3ae49bbc421203d8967d658bbb125 /src | |
| parent | 3496a8589fa0454648b85a78bcc241a5c1d89735 (diff) | |
| download | openbsd-4b550e7e97a6068d5f18fbfc47b22d8b4faa4ff6.tar.gz openbsd-4b550e7e97a6068d5f18fbfc47b22d8b4faa4ff6.tar.bz2 openbsd-4b550e7e97a6068d5f18fbfc47b22d8b4faa4ff6.zip | |
better document perils of setuid getenv and xr with issetugid
ok deraadt
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libc/stdlib/getenv.3 | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/src/lib/libc/stdlib/getenv.3 b/src/lib/libc/stdlib/getenv.3 index 2333559516..ce2ef43b6f 100644 --- a/src/lib/libc/stdlib/getenv.3 +++ b/src/lib/libc/stdlib/getenv.3 | |||
| @@ -29,9 +29,9 @@ | |||
| 29 | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 29 | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 30 | .\" SUCH DAMAGE. | 30 | .\" SUCH DAMAGE. |
| 31 | .\" | 31 | .\" |
| 32 | .\" $OpenBSD: getenv.3,v 1.20 2014/04/21 08:46:59 guenther Exp $ | 32 | .\" $OpenBSD: getenv.3,v 1.21 2014/07/11 09:24:03 tedu Exp $ |
| 33 | .\" | 33 | .\" |
| 34 | .Dd $Mdocdate: April 21 2014 $ | 34 | .Dd $Mdocdate: July 11 2014 $ |
| 35 | .Dt GETENV 3 | 35 | .Dt GETENV 3 |
| 36 | .Os | 36 | .Os |
| 37 | .Sh NAME | 37 | .Sh NAME |
| @@ -145,6 +145,7 @@ function failed because it was unable to allocate memory for the environment. | |||
| 145 | .Xr csh 1 , | 145 | .Xr csh 1 , |
| 146 | .Xr sh 1 , | 146 | .Xr sh 1 , |
| 147 | .Xr execve 2 , | 147 | .Xr execve 2 , |
| 148 | .Xr issetugid 2 , | ||
| 148 | .Xr environ 7 | 149 | .Xr environ 7 |
| 149 | .Sh STANDARDS | 150 | .Sh STANDARDS |
| 150 | The | 151 | The |
| @@ -175,3 +176,10 @@ The | |||
| 175 | .Fn putenv | 176 | .Fn putenv |
| 176 | function appeared in | 177 | function appeared in |
| 177 | .Bx 4.3 Reno . | 178 | .Bx 4.3 Reno . |
| 179 | .Sh CAVEATS | ||
| 180 | Library code must be careful about using | ||
| 181 | .Fn getenv | ||
| 182 | to read untrusted environment variables in setuid programs. | ||
| 183 | The | ||
| 184 | .Fn issetugid | ||
| 185 | function is provided for this purpose. | ||