From 0f4348bfcce7ca22317af7acf3b98ba84ad07eaa Mon Sep 17 00:00:00 2001 From: deraadt <> Date: Sat, 11 Apr 2015 16:16:15 +0000 Subject: Send OPENSSL_issetugid() straight to hell, no final cigarette. The issetugid() API is supposed to make a strong promise where "0 means it is safe to look at the environment". Way back in the past someone on the OpenSSL team responded to the environment access danger by creating a wrapper called OPENSSL_issetugid, and went to use it a number of places. However, by default on systems lacking true issetugid(), OPENSSL_issetugid returns 0. 0 indicating safely. False safety. Which means OPENSSL_issetugid() fails to make any sort of promise about safety, in fact it is just the opposite. Can you believe the OpenSSL team? This nastiness was noticed over the years, however noone could gain traction and get it fixed in OpenSSL. Also see a paragraph about this in http://www.tedunangst.com/flak/post/worst-common-denominator-programming ok jsing --- src/lib/libcrypto/uid.c | 12 ------------ 1 file changed, 12 deletions(-) delete mode 100644 src/lib/libcrypto/uid.c (limited to 'src/lib/libcrypto/uid.c') diff --git a/src/lib/libcrypto/uid.c b/src/lib/libcrypto/uid.c deleted file mode 100644 index c1bd92756b..0000000000 --- a/src/lib/libcrypto/uid.c +++ /dev/null @@ -1,12 +0,0 @@ -/* $OpenBSD: uid.c,v 1.8 2014/06/12 15:49:27 deraadt Exp $ */ -/* - * Written by Theo de Raadt. Public domain. - */ - -#include - -int -OPENSSL_issetugid(void) -{ - return issetugid(); -} -- cgit v1.2.3-55-g6feb