diff mbox series

[v22,5/9] posix: do not allow option name translations for secure programs

Message ID 0f4a0180b879bfd9a05c841af1e425a52296f1c0.1776957778.git.vivien@planete-kraus.eu (mailing list archive)
State New
Headers
Series Support translated long option names in getopt and argp |

Checks

Context Check Description
redhat-pt-bot/TryBot-apply_patch success Patch applied to master at the time it was sent

Commit Message

Vivien Kraus April 23, 2026, 4:04 p.m. UTC 
  SETUID / SETGID / AT_SECURE programs should not accept translated
names, so that the programmer knows exactly how the program can be
invoked.
---
 posix/getopt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/posix/getopt.c b/posix/getopt.c
index ae823eec29..399abeea74 100644
--- a/posix/getopt.c
+++ b/posix/getopt.c
@@ -199,7 +199,7 @@  match_translated_option_name (char *(*translate) (const char *, const char *,
   const char *translated = opt_name;
   char *translation_buffer = NULL;
   bool matches = false;
-  if (translate != NULL)
+  if (translate != NULL && !__libc_enable_secure)
     translated = translate (opt_textdomain, translation_context,
 			    opt_name, &translation_buffer);