changeset 18324:d069a85b1ccd

secure_getenv: Port to many more platforms. * m4/secure_getenv.m4 (gl_PREREQ_SECURE_GETENV): Also check for get*id functions. * lib/secure_getenv.c (secure_getenv): Add alternate implementations for non-BSD Unix platforms and for native Windows. * doc/glibc-functions/secure_getenv.texi: Remove known issue. Prompted by a request from Nikos Mavrogiannopoulos.
author Bruno Haible <bruno@clisp.org>
date Sun, 29 May 2016 12:54:32 +0200
parents 3b9fb0246d6b
children 33db65a13e67
files ChangeLog doc/glibc-functions/secure_getenv.texi lib/secure_getenv.c m4/secure_getenv.m4
diffstat 4 files changed, 33 insertions(+), 13 deletions(-) [+]
--- a/ChangeLog	Sat May 28 08:39:46 2016 -0700
+++ b/ChangeLog	Sun May 29 12:54:32 2016 +0200
@@ -1,3 +1,13 @@
+2016-05-29  Bruno Haible  <bruno@clisp.org>
+
+	secure_getenv: Port to many more platforms.
+	* m4/secure_getenv.m4 (gl_PREREQ_SECURE_GETENV): Also check for get*id
+	functions.
+	* lib/secure_getenv.c (secure_getenv): Add alternate implementations
+	for non-BSD Unix platforms and for native Windows.
+	* doc/glibc-functions/secure_getenv.texi: Remove known issue.
+	Prompted by a request from Nikos Mavrogiannopoulos.
+
 2016-05-27  Eric Blake  <eblake@redhat.com>
 
 	canonicalize: Fix broken probe for realpath.
--- a/doc/glibc-functions/secure_getenv.texi	Sat May 28 08:39:46 2016 -0700
+++ b/doc/glibc-functions/secure_getenv.texi	Sun May 29 12:54:32 2016 +0200
@@ -15,8 +15,4 @@
 
 Portability problems not fixed by Gnulib:
 @itemize
-@item
-On platforms other than glibc 2.0 and later, the Gnulib replacement
-function always returns a null pointer, even when invoked in a
-non-setuid program.
 @end itemize
--- a/lib/secure_getenv.c	Sat May 28 08:39:46 2016 -0700
+++ b/lib/secure_getenv.c	Sun May 29 12:54:32 2016 +0200
@@ -1,4 +1,4 @@
-/* Look up an environment variable more securely.
+/* Look up an environment variable, returning NULL in insecure situations.
 
    Copyright 2013-2016 Free Software Foundation, Inc.
 
@@ -20,22 +20,35 @@
 #include <stdlib.h>
 
 #if !HAVE___SECURE_GETENV
-# if HAVE_ISSETUGID
+# if HAVE_ISSETUGID || (HAVE_GETUID && HAVE_GETEUID && HAVE_GETGID && HAVE_GETEGID)
 #  include <unistd.h>
-# else
-#  undef issetugid
-#  define issetugid() 1
 # endif
 #endif
 
 char *
 secure_getenv (char const *name)
 {
-#if HAVE___SECURE_GETENV
+#if HAVE___SECURE_GETENV /* glibc */
   return __secure_getenv (name);
+#elif HAVE_ISSETUGID /* OS X, FreeBSD, NetBSD, OpenBSD */
+  if (issetugid ())
+    return NULL;
+  return getenv (name);
+#elif HAVE_GETUID && HAVE_GETEUID && HAVE_GETGID && HAVE_GETEGID /* other Unix */
+  if (geteuid () != getuid () || getegid () != getgid ())
+    return NULL;
+  return getenv (name);
+#elif (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__ /* native Windows */
+  /* On native Windows, there is no such concept as setuid or setgid binaries.
+     - Programs launched as system services have high privileges, but they don't
+       inherit environment variables from a user.
+     - Programs launched by a user with "Run as Administrator" have high
+       privileges and use the environment variables, but the user has been asked
+       whether he agrees.
+     - Programs launched by a user without "Run as Administrator" cannot gain
+       high privileges, therefore there is no risk. */
+  return getenv (name);
 #else
-  if (issetugid ())
-    return 0;
-  return getenv (name);
+  return NULL;
 #endif
 }
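Review bot: The "other Unix" branch's test `geteuid () != getuid () || getegid () != getgid ()` is a point-in-time comparison and is therefore weaker than the issetugid() and __secure_getenv paths beside it: a program that was set-id at exec but has since made its effective IDs equal to its real IDs (for instance after dropping privileges) gets the invoker-supplied environment back, whereas issetugid() stays true for the lifetime of such a process. It also cannot see privilege gained without any ID change, such as Linux file capabilities on a libc that lacks __secure_getenv, where the kernel would nevertheless set AT_SECURE. The fallback is reasonable, but the limitation belongs next to the check; I would add above the `if`: `/* Snapshot of the current IDs only: weaker than issetugid()/AT_SECURE.  A process that was set-id at exec but has since equalised its IDs, or that gained privilege without an ID change (e.g. file capabilities), is not detected. */`. The same comment could note that supplementary groups and saved set-IDs are deliberately not consulted.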
--- a/m4/secure_getenv.m4	Sat May 28 08:39:46 2016 -0700
+++ b/m4/secure_getenv.m4	Sun May 29 12:54:32 2016 +0200
@@ -22,4 +22,5 @@
   if test $ac_cv_func___secure_getenv = no; then
     AC_CHECK_FUNCS([issetugid])
   fi
+  AC_CHECK_FUNCS_ONCE([getuid geteuid getgid getegid])
 ])