security,unix: audit use of process.env in lib/ for setuid binary (!18511) · Merge requests · Rodrigo Test / Test Group-nodejs / node

Rodrigo Muino Tomonari requested to merge github/fork/j0t3x/envsecurityaudit into master Feb 01, 2018

Wrapped SafeGetenv() in util binding with the purpose of protecting the cases when env vars are accessed with the privileges of another user in jsland.

Fixes: https://github.com/nodejs/node/issues/9160

Checklist

make -j4 test (UNIX), or vcbuild test (Windows) passes
tests and/or benchmarks are included
commit message follows commit guidelines

Affected core subsystem(s)

os, module, util binding

Admin message

Admin message

security,unix: audit use of process.env in lib/ for setuid binary

Checklist

Affected core subsystem(s)

Merge request reports