From patchwork Sun Aug 10 07:46:28 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vivien Kraus X-Patchwork-Id: 118138 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id DA9D93858D33 for ; Sun, 10 Aug 2025 07:53:11 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org DA9D93858D33 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, secure) header.d=planete-kraus.eu header.i=@planete-kraus.eu header.a=rsa-sha1 header.s=albinoniA header.b=cpm+rP1+ X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from planete-kraus.eu (planete-kraus.eu [IPv6:2a00:5881:4008:2810::309]) by sourceware.org (Postfix) with ESMTPS id 833243858C78 for ; Sun, 10 Aug 2025 07:47:11 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 833243858C78 Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=planete-kraus.eu Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=planete-kraus.eu ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 833243858C78 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2a00:5881:4008:2810::309 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1754812031; cv=none; b=Wz16jRRBTENJvlTK8So7htB5Bm49crtg27JBXvKH91sABwODhDyBd5EWOP31k56wndWuIUIqBNxz/EXp0KnervPg6JV9uFO9yW4r7rZCSzdb/M5+w1QNbjGJxCK6Kjqke0nnmJYmpjO702bN9cZr3Ghvm41OGU6yDXRDYMak9xk= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1754812031; c=relaxed/simple; bh=pFeScogVsVHltSxR64iiyM6D/ktitB952on31L9+m00=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=Vht7mpLQ0A+mQ2MOyXd5AsUnc2mVqzTDYrPy5k4AS0TTVyFQ0y5fvKy3PodV/cc4/RBu6NIW9heOWj4Ym0U7loJSvhZkHadxATjLOu29SB1Na4Uzn3EpejONXmShNVmuxu2W0yIBj8z++IBqO9pYaxMIuxgCKa7iqyiRsi4Oavg= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 833243858C78 Received: from planete-kraus.eu (localhost [127.0.0.1]) by planete-kraus.eu (OpenSMTPD) with ESMTP id 093132c3 for ; Sun, 10 Aug 2025 07:47:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=planete-kraus.eu; h=from :to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; s=albinoniA; bh=+67GtQE RnH6fW8O5QRp4KkqN3wY=; b=cpm+rP1+YizTESjmhjwBMU9X0oCTr19kdJZVjiH vSQFujeKTHgwagS8XqNQAjeLBwYvu4AzjGMyrJPCy62XOX+/L4EsjxI3GOODly4T 0e1dJZNNb+bAStdBnBJ6otUGR8mkNeLSpTk0kG55NWF3bA9CuahG8BhH4wbJ2Jno xyB+3siYTJ6Gsg3ovLB1YfqsaErWQuGK7yxsmVIBgqcX496yPsI9dlMOrkNQ4mhS ANg6iafnjp+L5uEAXv6bbAJbsSRkirv8Ro82y3+leQ+GiDa88Lr2XAP3e7yQ/O5i 9eP4NYA3113qm9ttAVCQRP9AcvRkF2cVv4KAUW1amX1gEiw== Received: by planete-kraus.eu (OpenSMTPD) with ESMTPSA id eb92133d (TLSv1.3:TLS_CHACHA20_POLY1305_SHA256:256:NO); Sun, 10 Aug 2025 07:46:59 +0000 (UTC) From: Vivien Kraus To: libc-alpha@sourceware.org Cc: Vivien Kraus Subject: [PATCH v10 5/8] posix: do not allow option name translations for secure programs Date: Sun, 10 Aug 2025 09:46:28 +0200 Message-Id: <20250810074631.1707448-6-vivien@planete-kraus.eu> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250810074631.1707448-1-vivien@planete-kraus.eu> References: <68a758ae45c064bad35bfec73c3d5ffd050398e3.1748369494.git.vivien@planete-kraus.eu> <20250810074631.1707448-1-vivien@planete-kraus.eu> MIME-Version: 1.0 X-Spam-Status: No, score=-12.5 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, SPF_HELO_PASS, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org SETUID / SETGID / AT_SECURE programs should not accept translated names, so that the programmer knows exactly how the program can be invoked. --- posix/getopt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/posix/getopt.c b/posix/getopt.c index 28c8aa4bbf..6b235fa4e3 100644 --- a/posix/getopt.c +++ b/posix/getopt.c @@ -197,7 +197,7 @@ match_translated_option_name (char *(*translate) (const char *, const char *, const char *opt_name) { const char *translated = opt_name; - if (translate) + if (translate != NULL && !__libc_enable_secure) translated = translate (opt_textdomain, translation_context, opt_name); return (!strncmp (translated, argument, argument_length) && argument_length == strlen (translated));