This is an automated email from the git hooks/post-receive script.
rharwood pushed a change to branch sadness in repository gssproxy.
at 7f08cf3 Use insecure getenv(3) for GSS_USE_PROXY and GSSPROXY_BEHAVIOR
This branch includes the following new commits:
new 7f08cf3 Use insecure getenv(3) for GSS_USE_PROXY and GSSPROXY_BEHAVIOR
The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference.
This is an automated email from the git hooks/post-receive script.
rharwood pushed a commit to branch sadness in repository gssproxy.
commit 7f08cf35404395785869df33214ce4c236463825 Author: Robbie Harwood rharwood@redhat.com Date: Thu Mar 30 15:23:53 2017 -0400
Use insecure getenv(3) for GSS_USE_PROXY and GSSPROXY_BEHAVIOR
There are no known security consequences of this other than self-DOS. Signed-off-by: Robbie Harwood rharwood@redhat.com --- proxy/src/mechglue/gss_plugin.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/proxy/src/mechglue/gss_plugin.c b/proxy/src/mechglue/gss_plugin.c index d735537..8f47c4e 100644 --- a/proxy/src/mechglue/gss_plugin.c +++ b/proxy/src/mechglue/gss_plugin.c @@ -41,7 +41,8 @@ enum gpp_behavior gpp_get_behavior(void) char *envval;
if (behavior == GPP_UNINITIALIZED) { - envval = gp_getenv("GSSPROXY_BEHAVIOR"); + /* insecure getenv(3) to placate NFS */ + envval = getenv("GSSPROXY_BEHAVIOR"); if (envval) { if (strcmp(envval, "LOCAL_ONLY") == 0) { behavior = GPP_LOCAL_ONLY; @@ -77,9 +78,8 @@ gss_OID_set gss_mech_interposer(gss_OID mech_type) OM_uint32 maj, min; char *envval;
- /* avoid looping in the gssproxy daemon by avoiding to interpose - * any mechanism */ - envval = gp_getenv("GSS_USE_PROXY"); + /* use insecure getenv(3) to placate NFS */ + envval = getenv("GSS_USE_PROXY"); if (!envval) { return NULL; } @@ -88,6 +88,7 @@ gss_OID_set gss_mech_interposer(gss_OID mech_type) return NULL; }
+ /* avoid looping in the gssproxy daemon by not interposing every mech */ interposed_mechs = NULL; maj = 0; if (gss_oid_equal(&gssproxy_mech_interposer, mech_type)) {
gss-proxy@lists.fedorahosted.org