Mercurial > gnulib
changeset 18324:d069a85b1ccd
secure_getenv: Port to many more platforms.
* m4/secure_getenv.m4 (gl_PREREQ_SECURE_GETENV): Also check for get*id
functions.
* lib/secure_getenv.c (secure_getenv): Add alternate implementations
for non-BSD Unix platforms and for native Windows.
* doc/glibc-functions/secure_getenv.texi: Remove known issue.
Prompted by a request from Nikos Mavrogiannopoulos.
author | Bruno Haible <bruno@clisp.org> |
---|---|
date | Sun, 29 May 2016 12:54:32 +0200 |
parents | 3b9fb0246d6b |
children | 33db65a13e67 |
files | ChangeLog doc/glibc-functions/secure_getenv.texi lib/secure_getenv.c m4/secure_getenv.m4 |
diffstat | 4 files changed, 33 insertions(+), 13 deletions(-) |
--- a/ChangeLog Sat May 28 08:39:46 2016 -0700 +++ b/ChangeLog Sun May 29 12:54:32 2016 +0200 @@ -1,3 +1,13 @@ +2016-05-29 Bruno Haible <bruno@clisp.org> + + secure_getenv: Port to many more platforms. + * m4/secure_getenv.m4 (gl_PREREQ_SECURE_GETENV): Also check for get*id + functions. + * lib/secure_getenv.c (secure_getenv): Add alternate implementations + for non-BSD Unix platforms and for native Windows. + * doc/glibc-functions/secure_getenv.texi: Remove known issue. + Prompted by a request from Nikos Mavrogiannopoulos. + 2016-05-27 Eric Blake <eblake@redhat.com> canonicalize: Fix broken probe for realpath.
--- a/doc/glibc-functions/secure_getenv.texi Sat May 28 08:39:46 2016 -0700 +++ b/doc/glibc-functions/secure_getenv.texi Sun May 29 12:54:32 2016 +0200 @@ -15,8 +15,4 @@ Portability problems not fixed by Gnulib: @itemize -@item -On platforms other than glibc 2.0 and later, the Gnulib replacement -function always returns a null pointer, even when invoked in a -non-setuid program. @end itemize
--- a/lib/secure_getenv.c Sat May 28 08:39:46 2016 -0700 +++ b/lib/secure_getenv.c Sun May 29 12:54:32 2016 +0200 @@ -1,4 +1,4 @@ -/* Look up an environment variable more securely. +/* Look up an environment variable, returning NULL in insecure situations. Copyright 2013-2016 Free Software Foundation, Inc. @@ -20,22 +20,35 @@ #include <stdlib.h> #if !HAVE___SECURE_GETENV -# if HAVE_ISSETUGID +# if HAVE_ISSETUGID || (HAVE_GETUID && HAVE_GETEUID && HAVE_GETGID && HAVE_GETEGID) # include <unistd.h> -# else -# undef issetugid -# define issetugid() 1 # endif #endif char * secure_getenv (char const *name) { -#if HAVE___SECURE_GETENV +#if HAVE___SECURE_GETENV /* glibc */ return __secure_getenv (name); +#elif HAVE_ISSETUGID /* OS X, FreeBSD, NetBSD, OpenBSD */ + if (issetugid ()) + return NULL; + return getenv (name); +#elif HAVE_GETUID && HAVE_GETEUID && HAVE_GETGID && HAVE_GETEGID /* other Unix */ + if (geteuid () != getuid () || getegid () != getgid ()) + return NULL; + return getenv (name); +#elif (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__ /* native Windows */ + /* On native Windows, there is no such concept as setuid or setgid binaries. + - Programs launched as system services have high privileges, but they don't + inherit environment variables from a user. + - Programs launched by a user with "Run as Administrator" have high + privileges and use the environment variables, but the user has been asked + whether he agrees. + - Programs launched by a user without "Run as Administrator" cannot gain + high privileges, therefore there is no risk. */ + return getenv (name); #else - if (issetugid ()) - return 0; - return getenv (name); + return NULL; #endif }
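Review bot: In doc/glibc-functions/secure_getenv.texi, deleting the only @item leaves an empty @itemize under "Portability problems not fixed by Gnulib:", yet lib/secure_getenv.c in this changeset still ends with an `#else` branch that does `return NULL;`. Consider replacing the item rather than removing it, so the documentation still says that on platforms with none of __secure_getenv, issetugid, the four get*id functions or native Windows, the replacement always returns a null pointer, even in a non-setuid program.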
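Review bot: In the second hunk of lib/secure_getenv.c, the "other Unix" branch tests `geteuid () != getuid () || getegid () != getgid ()`, which detects elevated privilege only while the real and effective IDs differ at the moment of the call. A set-user-ID or set-group-ID program that has already made its IDs equal (for example with setuid) before calling secure_getenv would pass this test and receive the getenv result, whereas issetugid continues to report such a process as tainted. Suggest a comment on that branch stating the limitation, plus a matching entry in the .texi file so callers on those platforms know the check is weaker than the glibc and BSD branches.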