On Mon, Jul 03, 2017 at 04:08:10PM +0200, Thomas Schwinge wrote:
> > And IMNSHO GOMP_DEBUG too.
>
> But why that?  Isn't GOMP_DEBUG just controlling terminal debugging
> output (that you'd also like to see in setuid/setgid programs)?

The output could go into stderr, which could very well be redirected into
some file and some other program could be expecting specific content in
there.  So allowing an attacker to add there other stuff is really
dangerous.  If you want to use GOMP_DEBUG on suid/sgid processes, just run
them under root.

	Jakub
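
The policy argued for above, as an added example that is not part of the original message and is not libgomp's code: a library acts on a debug variable such as GOMP_DEBUG only when the process is not running setuid/setgid, so an unprivileged caller cannot switch on extra stderr output. The helper names and the 0-9 level range are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Simplified privilege test: real and effective IDs differ in a
   setuid/setgid process.  glibc's secure_getenv() applies a broader
   "secure execution" check and is the usual choice where available. */
int process_is_privileged(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Hypothetical helper: hand back the variable only when the caller's
   environment is trusted; otherwise behave as if it were unset. */
const char *getenv_unless_privileged(const char *name, int privileged)
{
    return privileged ? NULL : getenv(name);
}

/* Strict parse: only a plain integer 0-9 is accepted (assumed range);
   anything else leaves debugging off. */
int parse_debug_level(const char *value)
{
    char *end;
    long v;

    if (value == NULL || *value == '\0')
        return 0;
    v = strtol(value, &end, 10);
    if (*end != '\0' || v < 0 || v > 9)
        return 0;
    return (int)v;
}

/* Debug level the library would act on for a given privilege state. */
int debug_level(const char *name, int privileged)
{
    return parse_debug_level(getenv_unless_privileged(name, privileged));
}

int main(void)
{
    int level = debug_level("GOMP_DEBUG", process_is_privileged());

    if (level > 0)
        fprintf(stderr, "debug: level %d enabled\n", level);
    return 0;
}
```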