New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Don't use getenv for critical functions when run as setuid/setgid #5856
Don't use getenv for critical functions when run as setuid/setgid #5856
Conversation
Should this be documented somewhere? Is this just for master? |
Good, point, will add some documentation. |
It is inspired by the automatic configuration thing... |
I can't find where it is documented what OPENSSL_CONF does in libcrypto. |
It should probably be somewhere on this page: https://github.com/openssl/openssl/blob/master/doc/man5/config.pod Probably also here: https://github.com/openssl/openssl/blob/master/doc/man3/OPENSSL_config.pod |
I have also concerns about windows. OPENSSL_issetugid is just a dummy there. |
Documentation added. |
Looks good. Since this is a behavioural change I think an entry in CHANGES is probably a good idea too. |
Ok, done. |
I'll assume @levitte's approval is still valid since only documentation changes were added. |
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #5856)
Merged to master as 284f4f6 |
No description provided.