Re: [alpine-devel] Re: openssl 1.1 support

From: Natanael Copa <ncopa_at_alpinelinux.org>
Date: Thu, 25 Oct 2018 10:44:50 +0200

On Thu, 25 Oct 2018 10:35:50 +0200
Natanael Copa <ncopa_at_alpinelinux.org> wrote:

> On Wed, 24 Oct 2018 18:47:51 -0500
> William Pitcock <nenolod_at_dereferenced.org> wrote:
>
> ...
>
> > > There are also some patches that Fedora uses that we may want. Some of
> > > Fedora's patches are for multilib and FIPS support, which I don't think
> > > we care about (yet), but there are some that replace getenv() with
> > > secure_getenv().
> >
> > I do not think musl has secure_getenv(3) yet.
>
> We don't, but it's relatively easy to implement the same functionality:
>
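> #include <stdlib.h>
> #include <sys/auxv.h>
> /* AT_SECURE is nonzero when the binary was executed with elevated privileges */
> static inline char *secure_getenv(const char *name) {
>         return getauxval(AT_SECURE) ? NULL : getenv(name);
> }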
>
> I think it may be good that we do that so that nobody gets a nasty
> surprise if a suid binary is linked to openssl.

It seems that they have applied something to solve that upstream:

https://github.com/openssl/openssl/commit/79c2c741303ed188214b9299a51c837635f7e9a8

I guess we can backport that.

-nc


Received on Thu Oct 25 2018 - 10:44:50 GMT
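
A fuller version of the fallback sketched in the thread, as an added example that is not code from the thread, musl or OpenSSL. The `compat_*` names are hypothetical, and the ID comparison used when `AT_SECURE` is missing from the auxiliary vector is an assumption that goes beyond the one-liner above.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/auxv.h>
#include <unistd.h>

/* Hypothetical helper: returns 1 when the process was started in
 * "secure execution" mode (set-user-ID/set-group-ID and similar). */
int compat_is_secure_exec(void)
{
    errno = 0;
    unsigned long at_secure = getauxval(AT_SECURE);

    if (at_secure != 0)
        return 1;
    /* getauxval() returns 0 both for "value is 0" and "entry not found".
     * ENOENT distinguishes the two; without the entry, fall back to
     * comparing real and effective IDs (assumed fallback policy). */
    if (errno == ENOENT)
        return getuid() != geteuid() || getgid() != getegid();
    return 0;
}

/* The policy itself, split out so both branches can be exercised
 * without installing a set-user-ID binary. */
char *compat_getenv_if(int secure, const char *name)
{
    return secure ? NULL : getenv(name);
}

/* Stand-in for secure_getenv(3) on a libc that lacks it. */
char *compat_secure_getenv(const char *name)
{
    return compat_getenv_if(compat_is_secure_exec(), name);
}

int main(void)
{
    /* DEMO_CONF is a constructed variable name for this demonstration. */
    setenv("DEMO_CONF", "/tmp/demo.cnf", 1);
    char *v = compat_secure_getenv("DEMO_CONF");
    printf("secure exec: %d, DEMO_CONF: %s\n",
           compat_is_secure_exec(), v ? v : "(ignored)");
    return 0;
}
```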