mirror of
https://sourceware.org/git/glibc.git
synced 2024-11-21 12:30:06 +00:00
Rename __secure_getenv to secure_getenv
This commit is contained in:
parent
56e49b714e
commit
84b3fd8407
63
ChangeLog
63
ChangeLog
@ -1,3 +1,66 @@
|
||||
2012-07-25 Florian Weimer <fweimer@redhat.com>
|
||||
|
||||
* Versions.def: Add GLIBC_2.17.
|
||||
|
||||
* stdlib/stdlib.h: Rename __secure_getenv to secure_getenv.
|
||||
* include/stdlib.h: Rename __secure_getenv to secure_getenv.
|
||||
Introduce __libc_secure_getenv.
|
||||
* stdlib/Versions: Add secure_getenv and __libc_secure_getenv.
|
||||
* stdlib/secure-getenv.c: Likewise. Update copyright years.
|
||||
* stdlib/tst-secure-getenv.c: New.
|
||||
* stdlib/Makefile (tests): Add testcase.
|
||||
|
||||
* manual/startup.texi (Environment Access): Document
|
||||
secure_getenv.
|
||||
|
||||
* hesiod/hesiod.c (hesiod_init): Rename __secure_getenv to
|
||||
__libc_secure_getenv.
|
||||
* inet/ruserpass.c (ruserpass): Likewise.
|
||||
* malloc/mtrace.c (mtrace): Likewise.
|
||||
* sysdeps/mach/hurd/tmpfile.c (__tmpfile): Likewise.
|
||||
* sysdeps/posix/libc_fatal.c (__libc_fatal): Likewise. Update
|
||||
copyright years.
|
||||
* sysdeps/posix/sysconf.c (__sysconf__check_spec): Likewise.
|
||||
* sysdeps/posix/tempname.c: Likewise. Evaluate
|
||||
HAVE_SECURE_GETENV.
|
||||
* sysdeps/unix/sysv/linux/libc_fatal.c (__libc_message): Rename
|
||||
__secure_getenv to __libc_secure_getenv. Update copyright years.
|
||||
|
||||
* sysdeps/unix/sysv/linux/i386/nptl/libc.abilist: Add secure_getenv.
|
||||
* sysdeps/unix/sysv/linux/libc_fatal.c: Likewise.
|
||||
* sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/nptl/libc.abilist:
|
||||
Likewise.
|
||||
* sysdeps/unix/sysv/linux/powerpc/powerpc64/nptl/libc.abilist:
|
||||
Likewise.
|
||||
* sysdeps/unix/sysv/linux/s390/s390-32/nptl/libc.abilist: Likewise.
|
||||
* sysdeps/unix/sysv/linux/s390/s390-64/nptl/libc.abilist: Likewise.
|
||||
* sysdeps/unix/sysv/linux/sh/nptl/libc.abilist: Likewise.
|
||||
* sysdeps/unix/sysv/linux/sparc/sparc32/nptl/libc.abilist: Likewise.
|
||||
* sysdeps/unix/sysv/linux/sparc/sparc64/nptl/libc.abilist: Likewise.
|
||||
* sysdeps/unix/sysv/linux/x86_64/64/nptl/libc.abilist: Likewise.
|
||||
* sysdeps/unix/sysv/linux/x86_64/x32/nptl/libc.abilist: Likewise.
|
||||
* ports/sysdeps/unix/sysv/linux/alpha/nptl/libc.abilist: Likewise.
|
||||
* ports/sysdeps/unix/sysv/linux/arm/nptl/libc.abilist: Likewise.
|
||||
* ports/sysdeps/unix/sysv/linux/ia64/nptl/libc.abilist: Likewise.
|
||||
* ports/sysdeps/unix/sysv/linux/m68k/coldfire/nptl/libc.abilist:
|
||||
Likewise.
|
||||
* ports/sysdeps/unix/sysv/linux/m68k/m680x0/nptl/libc.abilist:
|
||||
Likewise.
|
||||
* ports/sysdeps/unix/sysv/linux/mips/mips32/nptl/libc.abilist:
|
||||
Likewise.
|
||||
* ports/sysdeps/unix/sysv/linux/mips/mips64/n32/nptl/libc.abilist:
|
||||
Likewise.
|
||||
* ports/sysdeps/unix/sysv/linux/mips/mips64/n64/nptl/libc.abilist:
|
||||
Likewise.
|
||||
* ports/sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/nptl/libc.abilist:
|
||||
Likewise.
|
||||
* ports/sysdeps/unix/sysv/linux/tile/tilegx/tilegx32/nptl/libc.abilist:
|
||||
Likewise.
|
||||
* ports/sysdeps/unix/sysv/linux/tile/tilegx/tilegx64/nptl/libc.abilist:
|
||||
Likewise.
|
||||
* ports/sysdeps/unix/sysv/linux/tile/tilepro/nptl/libc.abilist:
|
||||
Likewise.
|
||||
|
||||
2012-07-25 Joseph Myers <joseph@codesourcery.com>
|
||||
|
||||
* sysdeps/generic/ldsodefs.h (struct La_i86_regs): Remove.
|
||||
|
4
NEWS
4
NEWS
@ -17,6 +17,10 @@ Version 2.17
|
||||
zEnterprise z196.
|
||||
Implemented by Andreas Krebbel.
|
||||
|
||||
* The new function secure_getenv allows secure access to the environment,
|
||||
returning NULL if running in a SUID/SGID process. This function replaces
|
||||
the internal function __secure_getenv.
|
||||
|
||||
|
||||
Version 2.16
|
||||
|
||||
|
@ -33,6 +33,7 @@ libc {
|
||||
GLIBC_2.14
|
||||
GLIBC_2.15
|
||||
GLIBC_2.16
|
||||
GLIBC_2.17
|
||||
HURD_CTHREADS_0.3
|
||||
%ifdef EXPORT_UNWIND_FIND_FDE
|
||||
GCC_3.0
|
||||
|
@ -87,7 +87,7 @@ hesiod_init(void **context) {
|
||||
ctx->classes[0] = C_IN;
|
||||
ctx->classes[1] = C_HS;
|
||||
|
||||
configname = __secure_getenv("HESIOD_CONFIG");
|
||||
configname = __libc_secure_getenv("HESIOD_CONFIG");
|
||||
if (!configname)
|
||||
configname = _PATH_HESIOD_CONF;
|
||||
if (parse_config_file(ctx, configname) < 0) {
|
||||
@ -109,7 +109,7 @@ hesiod_init(void **context) {
|
||||
* The default RHS can be overridden by an environment
|
||||
* variable.
|
||||
*/
|
||||
if ((cp = __secure_getenv("HES_DOMAIN")) != NULL) {
|
||||
if ((cp = __libc_secure_getenv("HES_DOMAIN")) != NULL) {
|
||||
free(ctx->RHS);
|
||||
ctx->RHS = malloc(strlen(cp)+2);
|
||||
if (!ctx->RHS)
|
||||
|
@ -33,12 +33,13 @@ libc_hidden_proto (__strtold_l)
|
||||
libc_hidden_proto (exit)
|
||||
libc_hidden_proto (abort)
|
||||
libc_hidden_proto (getenv)
|
||||
extern __typeof (secure_getenv) __libc_secure_getenv;
|
||||
libc_hidden_proto (__libc_secure_getenv)
|
||||
libc_hidden_proto (bsearch)
|
||||
libc_hidden_proto (qsort)
|
||||
libc_hidden_proto (qsort_r)
|
||||
libc_hidden_proto (lrand48_r)
|
||||
libc_hidden_proto (wctomb)
|
||||
libc_hidden_proto (__secure_getenv)
|
||||
|
||||
extern long int __random (void);
|
||||
extern void __srandom (unsigned int __seed);
|
||||
|
@ -102,7 +102,7 @@ ruserpass(host, aname, apass)
|
||||
int t, usedefault = 0;
|
||||
struct stat64 stb;
|
||||
|
||||
hdir = __secure_getenv("HOME");
|
||||
hdir = __libc_secure_getenv("HOME");
|
||||
if (hdir == NULL) {
|
||||
/* If we can't get HOME, fail instead of trying ".",
|
||||
which is no improvement. This really should call
|
||||
|
@ -309,7 +309,7 @@ mtrace ()
|
||||
/* When compiling the GNU libc we use the secure getenv function
|
||||
which prevents the misuse in case of SUID or SGID enabled
|
||||
programs. */
|
||||
mallfile = __secure_getenv (mallenv);
|
||||
mallfile = __libc_secure_getenv (mallenv);
|
||||
#else
|
||||
mallfile = getenv (mallenv);
|
||||
#endif
|
||||
|
@ -310,11 +310,15 @@ character, since this is assumed to terminate the string.
|
||||
|
||||
The value of an environment variable can be accessed with the
|
||||
@code{getenv} function. This is declared in the header file
|
||||
@file{stdlib.h}. Modifications of enviroment variables are not
|
||||
allowed in Multi-threaded programs. The @code{getenv} function
|
||||
can be safely used in multi-threaded programs
|
||||
@file{stdlib.h}.
|
||||
@pindex stdlib.h
|
||||
|
||||
Libraries should use @code{secure_getenv} instead of @code{getenv}, so
|
||||
that they do not accidentally use untrusted environment variables.
|
||||
Modifications of environment variables are not allowed in
|
||||
multi-threaded programs. The @code{getenv} and @code{secure_getenv}
|
||||
functions can be safely used in multi-threaded programs.
|
||||
|
||||
@comment stdlib.h
|
||||
@comment ISO
|
||||
@deftypefun {char *} getenv (const char *@var{name})
|
||||
@ -326,6 +330,18 @@ environment variable @var{name} is not defined, the value is a null
|
||||
pointer.
|
||||
@end deftypefun
|
||||
|
||||
@comment stdlib.h
|
||||
@comment GNU
|
||||
@deftypefun {char *} secure_getenv (const char *@var{name})
|
||||
This function is similar to @code{getenv}, but it returns a null
|
||||
pointer if the environment is untrusted. This happens when the
|
||||
program file has SUID or SGID bits set. General-purpose libraries
|
||||
should always prefer this function over @code{getenv} to avoid
|
||||
vulnerabilities if the library is referenced from a SUID/SGID program.
|
||||
|
||||
This function is a GNU extension.
|
||||
@end deftypefun
|
||||
|
||||
|
||||
@comment stdlib.h
|
||||
@comment SVID
|
||||
|
@ -1811,6 +1811,9 @@ GLIBC_2.16
|
||||
sys_errlist D 0x460
|
||||
sys_nerr D 0x4
|
||||
timespec_get F
|
||||
GLIBC_2.17
|
||||
GLIBC_2.17 A
|
||||
secure_getenv F
|
||||
GLIBC_2.2
|
||||
GLIBC_2.2 A
|
||||
_IO_adjust_wcolumn F
|
||||
|
@ -78,6 +78,9 @@ GLIBC_2.16
|
||||
mbrtoc16 F
|
||||
mbrtoc32 F
|
||||
timespec_get F
|
||||
GLIBC_2.17
|
||||
GLIBC_2.17 A
|
||||
secure_getenv F
|
||||
GLIBC_2.4
|
||||
GLIBC_2.4 A
|
||||
_Exit F
|
||||
|
@ -78,6 +78,9 @@ GLIBC_2.16
|
||||
mbrtoc16 F
|
||||
mbrtoc32 F
|
||||
timespec_get F
|
||||
GLIBC_2.17
|
||||
GLIBC_2.17 A
|
||||
secure_getenv F
|
||||
GLIBC_2.2
|
||||
GLIBC_2.2 A
|
||||
_Exit F
|
||||
|
@ -79,6 +79,9 @@ GLIBC_2.16
|
||||
mbrtoc16 F
|
||||
mbrtoc32 F
|
||||
timespec_get F
|
||||
GLIBC_2.17
|
||||
GLIBC_2.17 A
|
||||
secure_getenv F
|
||||
GLIBC_2.4
|
||||
GLIBC_2.4 A
|
||||
_Exit F
|
||||
|
@ -1767,6 +1767,9 @@ GLIBC_2.16
|
||||
mbrtoc16 F
|
||||
mbrtoc32 F
|
||||
timespec_get F
|
||||
GLIBC_2.17
|
||||
GLIBC_2.17 A
|
||||
secure_getenv F
|
||||
GLIBC_2.2
|
||||
GLIBC_2.2 A
|
||||
_IO_adjust_wcolumn F
|
||||
|
@ -2242,3 +2242,6 @@ GLIBC_2.9
|
||||
pipe2 F
|
||||
_gp_disp
|
||||
_gp_disp A
|
||||
GLIBC_2.17
|
||||
GLIBC_2.17 A
|
||||
secure_getenv F
|
||||
|
@ -1390,6 +1390,9 @@ GLIBC_2.16
|
||||
mbrtoc16 F
|
||||
mbrtoc32 F
|
||||
timespec_get F
|
||||
GLIBC_2.17
|
||||
GLIBC_2.17 A
|
||||
secure_getenv F
|
||||
GLIBC_2.2
|
||||
GLIBC_2.2 A
|
||||
_Exit F
|
||||
|
@ -1388,6 +1388,9 @@ GLIBC_2.16
|
||||
mbrtoc16 F
|
||||
mbrtoc32 F
|
||||
timespec_get F
|
||||
GLIBC_2.17
|
||||
GLIBC_2.17 A
|
||||
secure_getenv F
|
||||
GLIBC_2.2
|
||||
GLIBC_2.2 A
|
||||
_Exit F
|
||||
|
@ -1772,6 +1772,9 @@ GLIBC_2.16
|
||||
mbrtoc16 F
|
||||
mbrtoc32 F
|
||||
timespec_get F
|
||||
GLIBC_2.17
|
||||
GLIBC_2.17 A
|
||||
secure_getenv F
|
||||
GLIBC_2.2
|
||||
GLIBC_2.2 A
|
||||
_IO_adjust_wcolumn F
|
||||
|
@ -2080,3 +2080,6 @@ GLIBC_2.16
|
||||
mbrtoc16 F
|
||||
mbrtoc32 F
|
||||
timespec_get F
|
||||
GLIBC_2.17
|
||||
GLIBC_2.17 A
|
||||
secure_getenv F
|
||||
|
@ -2080,3 +2080,6 @@ GLIBC_2.16
|
||||
mbrtoc16 F
|
||||
mbrtoc32 F
|
||||
timespec_get F
|
||||
GLIBC_2.17
|
||||
GLIBC_2.17 A
|
||||
secure_getenv F
|
||||
|
@ -2080,3 +2080,6 @@ GLIBC_2.16
|
||||
mbrtoc16 F
|
||||
mbrtoc32 F
|
||||
timespec_get F
|
||||
GLIBC_2.17
|
||||
GLIBC_2.17 A
|
||||
secure_getenv F
|
||||
|
@ -68,7 +68,9 @@ tests := tst-strtol tst-strtod testmb testrand testsort testdiv \
|
||||
tst-atof1 tst-atof2 tst-strtod2 tst-strtod3 tst-rand48-2 \
|
||||
tst-makecontext tst-strtod4 tst-strtod5 tst-qsort2 \
|
||||
tst-makecontext2 tst-strtod6 tst-unsetenv1 \
|
||||
tst-makecontext3 bug-getcontext bug-fmtmsg1
|
||||
tst-makecontext3 bug-getcontext bug-fmtmsg1 \
|
||||
tst-secure-getenv
|
||||
tests-static := tst-secure-getenv
|
||||
|
||||
include ../Makeconfig
|
||||
|
||||
|
@ -6,7 +6,7 @@ libc {
|
||||
# functions used in inline functions or macros
|
||||
__strto*_internal;
|
||||
|
||||
# functions used in other libraries
|
||||
# compatibility symbol
|
||||
__secure_getenv;
|
||||
|
||||
# a*
|
||||
@ -103,11 +103,16 @@ libc {
|
||||
GLIBC_2.13 {
|
||||
__fentry__;
|
||||
}
|
||||
GLIBC_2.17 {
|
||||
secure_getenv;
|
||||
}
|
||||
GLIBC_PRIVATE {
|
||||
# functions which have an additional interface since they are
|
||||
# are cancelable.
|
||||
__libc_system;
|
||||
# Variable which needs a dynamic symbol table entry.
|
||||
__abort_msg;
|
||||
# Used from other libraries
|
||||
__libc_secure_getenv;
|
||||
}
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (C) 1991, 1992, 1994, 1996, 2002 Free Software Foundation, Inc.
|
||||
/* Copyright (C) 1991-2012 Free Software Foundation, Inc.
|
||||
This file is part of the GNU C Library.
|
||||
|
||||
The GNU C Library is free software; you can redistribute it and/or
|
||||
@ -18,13 +18,20 @@
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include <shlib-compat.h>
|
||||
|
||||
/* Some programs and especially the libc itself have to be careful
|
||||
what values to accept from the environment. This special version
|
||||
checks for SUID or SGID first before doing any work. */
|
||||
char *
|
||||
__secure_getenv (name)
|
||||
__libc_secure_getenv (name)
|
||||
const char *name;
|
||||
{
|
||||
return __libc_enable_secure ? NULL : getenv (name);
|
||||
}
|
||||
libc_hidden_def (__secure_getenv)
|
||||
weak_alias (__libc_secure_getenv, secure_getenv)
|
||||
libc_hidden_weak (__libc_secure_getenv)
|
||||
|
||||
#if SHLIB_COMPAT (libc, GLIBC_2_0, GLIBC_2_16)
|
||||
compat_symbol (libc, __libc_secure_getenv, __secure_getenv, GLIBC_2_0);
|
||||
#endif
|
||||
|
@ -568,10 +568,12 @@ __BEGIN_NAMESPACE_STD
|
||||
extern char *getenv (const char *__name) __THROW __nonnull ((1)) __wur;
|
||||
__END_NAMESPACE_STD
|
||||
|
||||
#ifdef __USE_GNU
|
||||
/* This function is similar to the above but returns NULL if the
|
||||
programs is running with SUID or SGID enabled. */
|
||||
extern char *__secure_getenv (const char *__name)
|
||||
extern char *secure_getenv (const char *__name)
|
||||
__THROW __nonnull ((1)) __wur;
|
||||
#endif
|
||||
|
||||
#if defined __USE_SVID || defined __USE_XOPEN
|
||||
/* The SVID says this is in <stdio.h>, but this seems a better place. */
|
||||
|
250
stdlib/tst-secure-getenv.c
Normal file
250
stdlib/tst-secure-getenv.c
Normal file
@ -0,0 +1,250 @@
|
||||
/* Copyright (C) 2012 Free Software Foundation, Inc.
|
||||
This file is part of the GNU C Library.
|
||||
|
||||
The GNU C Library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Lesser General Public
|
||||
License as published by the Free Software Foundation; either
|
||||
version 2.1 of the License, or (at your option) any later version.
|
||||
|
||||
The GNU C Library is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
Lesser General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Lesser General Public
|
||||
License along with the GNU C Library; if not, see
|
||||
<http://www.gnu.org/licenses/>. */
|
||||
|
||||
/* Test that secure_getenv works by invoking the test as a SGID
|
||||
program with a group ID from the supplementary group list. This
|
||||
test can fail spuriously if the user is not a member of a suitable
|
||||
supplementary group. */
|
||||
|
||||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdint.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/wait.h>
|
||||
#include <unistd.h>
|
||||
|
||||
static char MAGIC_ARGUMENT[] = "run-actual-test";
|
||||
#define MAGIC_STATUS 19
|
||||
|
||||
static const char *test_dir;
|
||||
|
||||
/* Return a GID which is not our current GID, but is present in the
|
||||
supplementary group list. */
|
||||
static gid_t
|
||||
choose_gid (void)
|
||||
{
|
||||
const int count = 64;
|
||||
gid_t groups[count];
|
||||
int ret = getgroups (count, groups);
|
||||
if (ret < 0)
|
||||
{
|
||||
perror ("getgroups");
|
||||
exit (1);
|
||||
}
|
||||
gid_t current = getgid ();
|
||||
for (int i = 0; i < ret; ++i)
|
||||
{
|
||||
if (groups[i] != current)
|
||||
return groups[i];
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/* Copies the executable into a restricted directory, so that we can
|
||||
safely make it SGID with the TARGET group ID. Then runs the
|
||||
executable. */
|
||||
static int
|
||||
run_executable_sgid (gid_t target)
|
||||
{
|
||||
char *dirname = 0;
|
||||
char *execname = 0;
|
||||
int infd = -1;
|
||||
int outfd = -1;
|
||||
int ret = -1;
|
||||
if (asprintf (&dirname, "%s/secure-getenv.%jd",
|
||||
test_dir, (intmax_t) getpid ()) < 0)
|
||||
{
|
||||
perror ("asprintf");
|
||||
goto err;
|
||||
}
|
||||
if (mkdir (dirname, 0700) < 0)
|
||||
{
|
||||
perror ("mkdir");
|
||||
goto err;
|
||||
}
|
||||
if (asprintf (&execname, "%s/bin", dirname) < 0)
|
||||
{
|
||||
perror ("asprintf");
|
||||
goto err;
|
||||
}
|
||||
infd = open ("/proc/self/exe", O_RDONLY);
|
||||
if (infd < 0)
|
||||
{
|
||||
perror ("open");
|
||||
goto err;
|
||||
}
|
||||
outfd = open (execname, O_WRONLY | O_CREAT | O_EXCL, 0700);
|
||||
if (outfd < 0)
|
||||
{
|
||||
perror ("open");
|
||||
goto err;
|
||||
}
|
||||
char buf[4096];
|
||||
for (;;)
|
||||
{
|
||||
ssize_t rdcount = read (infd, buf, sizeof (buf));
|
||||
if (rdcount < 0)
|
||||
{
|
||||
perror ("read");
|
||||
goto err;
|
||||
}
|
||||
if (rdcount == 0)
|
||||
break;
|
||||
char *p = buf;
|
||||
char *end = buf + rdcount;
|
||||
while (p != end)
|
||||
{
|
||||
ssize_t wrcount = write (outfd, buf, end - p);
|
||||
if (wrcount == 0)
|
||||
errno = ENOSPC;
|
||||
if (wrcount <= 0)
|
||||
{
|
||||
perror ("write");
|
||||
goto err;
|
||||
}
|
||||
p += wrcount;
|
||||
}
|
||||
}
|
||||
if (fchown (outfd, getuid (), target) < 0)
|
||||
{
|
||||
perror ("fchown");
|
||||
goto err;
|
||||
}
|
||||
if (fchmod (outfd, 02750) < 0)
|
||||
{
|
||||
perror ("fchmod");
|
||||
goto err;
|
||||
}
|
||||
if (close (outfd) < 0)
|
||||
{
|
||||
perror ("close");
|
||||
goto err;
|
||||
}
|
||||
if (close (infd) < 0)
|
||||
{
|
||||
perror ("close");
|
||||
goto err;
|
||||
}
|
||||
|
||||
int kid = fork ();
|
||||
if (kid < 0)
|
||||
{
|
||||
perror ("fork");
|
||||
goto err;
|
||||
}
|
||||
if (kid == 0)
|
||||
{
|
||||
/* Child process. */
|
||||
char *args[] = { execname, MAGIC_ARGUMENT, NULL };
|
||||
execve (execname, args, environ);
|
||||
perror ("execve");
|
||||
_exit (1);
|
||||
}
|
||||
int status;
|
||||
if (waitpid (kid, &status, 0) < 0)
|
||||
{
|
||||
perror ("waitpid");
|
||||
goto err;
|
||||
}
|
||||
if (!WIFEXITED (status) || WEXITSTATUS (status) != MAGIC_STATUS)
|
||||
{
|
||||
fprintf (stderr, "Unexpected exit status %d from child process\n",
|
||||
status);
|
||||
goto err;
|
||||
}
|
||||
ret = 0;
|
||||
|
||||
err:
|
||||
if (outfd >= 0)
|
||||
close (outfd);
|
||||
if (infd >= 0)
|
||||
close (infd);
|
||||
if (execname)
|
||||
{
|
||||
unlink (execname);
|
||||
free (execname);
|
||||
}
|
||||
if (dirname)
|
||||
{
|
||||
rmdir (dirname);
|
||||
free (dirname);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int
|
||||
do_test (void)
|
||||
{
|
||||
if (getenv ("PATH") == NULL)
|
||||
{
|
||||
fprintf (stderr, "PATH not set\n");
|
||||
exit (1);
|
||||
}
|
||||
if (secure_getenv ("PATH") == NULL)
|
||||
{
|
||||
fprintf (stderr, "PATH not set according to secure_getenv\n");
|
||||
exit (1);
|
||||
}
|
||||
if (strcmp (getenv ("PATH"), secure_getenv ("PATH")) != 0)
|
||||
{
|
||||
fprintf (stderr, "PATH mismatch (%s, %s)\n",
|
||||
getenv ("PATH"), secure_getenv ("PATH"));
|
||||
exit (1);
|
||||
}
|
||||
|
||||
gid_t target = choose_gid ();
|
||||
if (target == 0)
|
||||
{
|
||||
fprintf (stderr, "Could not find a suitable GID user %jd\n",
|
||||
(intmax_t) getuid ());
|
||||
exit (1);
|
||||
}
|
||||
return run_executable_sgid (target);
|
||||
}
|
||||
|
||||
static void
|
||||
alternative_main (int argc, char **argv)
|
||||
{
|
||||
if (argc == 2 && strcmp (argv[1], MAGIC_ARGUMENT) == 0)
|
||||
{
|
||||
if (getgid () == getegid ())
|
||||
{
|
||||
fprintf (stderr, "SGID failed: GID and EGID match (%jd)\n",
|
||||
(intmax_t) getgid ());
|
||||
exit (2);
|
||||
}
|
||||
if (getenv ("PATH") == NULL)
|
||||
{
|
||||
fprintf (stderr, "PATH variable not present\n");
|
||||
exit (3);
|
||||
}
|
||||
if (secure_getenv ("PATH") != NULL)
|
||||
{
|
||||
fprintf (stderr, "PATH variable not filtered out\n");
|
||||
exit (4);
|
||||
}
|
||||
exit (MAGIC_STATUS);
|
||||
}
|
||||
}
|
||||
|
||||
#define PREPARE(argc, argv) alternative_main(argc, argv)
|
||||
#define TEST_FUNCTION do_test ()
|
||||
#include "../test-skeleton.c"
|
@ -37,7 +37,7 @@ __tmpfile (void)
|
||||
FILE *f;
|
||||
|
||||
/* Get a port to the directory that will contain the file. */
|
||||
const char *dirname = __secure_getenv ("TMPDIR") ?: P_tmpdir;
|
||||
const char *dirname = __libc_secure_getenv ("TMPDIR") ?: P_tmpdir;
|
||||
file_t dir = __file_name_lookup (dirname, 0, 0);
|
||||
if (dir == MACH_PORT_NULL)
|
||||
return NULL;
|
||||
|
@ -1,5 +1,4 @@
|
||||
/* Copyright (C) 1993-1995,1997,2000,2004,2005,2009,2011
|
||||
Free Software Foundation, Inc.
|
||||
/* Copyright (C) 1993-2012 Free Software Foundation, Inc.
|
||||
This file is part of the GNU C Library.
|
||||
|
||||
The GNU C Library is free software; you can redistribute it and/or
|
||||
@ -61,7 +60,7 @@ __libc_message (int do_abort, const char *fmt, ...)
|
||||
|
||||
/* Open a descriptor for /dev/tty unless the user explicitly
|
||||
requests errors on standard error. */
|
||||
const char *on_2 = __secure_getenv ("LIBC_FATAL_STDERR_");
|
||||
const char *on_2 = __libc_secure_getenv ("LIBC_FATAL_STDERR_");
|
||||
if (on_2 == NULL || *on_2 == '\0')
|
||||
fd = open_not_cancel_2 (_PATH_TTY, O_RDWR | O_NOCTTY | O_NDELAY);
|
||||
|
||||
|
@ -1,5 +1,4 @@
|
||||
/* Copyright (C) 1991,1993,1995-1997,1999-2003,2004,2006,2009
|
||||
Free Software Foundation, Inc.
|
||||
/* Copyright (C) 1991-2012 Free Software Foundation, Inc.
|
||||
This file is part of the GNU C Library.
|
||||
|
||||
The GNU C Library is free software; you can redistribute it and/or
|
||||
@ -1259,7 +1258,7 @@ __sysconf_check_spec (const char *spec)
|
||||
{
|
||||
int save_errno = errno;
|
||||
|
||||
const char *getconf_dir = __secure_getenv ("GETCONF_DIR") ?: GETCONF_DIR;
|
||||
const char *getconf_dir = __libc_secure_getenv ("GETCONF_DIR") ?: GETCONF_DIR;
|
||||
size_t getconf_dirlen = strlen (getconf_dir);
|
||||
size_t speclen = strlen (spec);
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (C) 1991-2001, 2006, 2007, 2009 Free Software Foundation, Inc.
|
||||
/* Copyright (C) 1991-2012 Free Software Foundation, Inc.
|
||||
This file is part of the GNU C Library.
|
||||
|
||||
The GNU C Library is free software; you can redistribute it and/or
|
||||
@ -101,8 +101,12 @@
|
||||
# define __xstat64(version, path, buf) stat (path, buf)
|
||||
#endif
|
||||
|
||||
#if ! (HAVE___SECURE_GETENV || _LIBC)
|
||||
# define __secure_getenv getenv
|
||||
#if ! (HAVE_SECURE_GETENV || _LIBC)
|
||||
# ifdef HAVE___SECURE_GETENV
|
||||
# define __libc_secure_getenv __secure_getenv
|
||||
# else
|
||||
# define __libc_secure_getenv getenv
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#ifdef _LIBC
|
||||
@ -168,7 +172,7 @@ __path_search (char *tmpl, size_t tmpl_len, const char *dir, const char *pfx,
|
||||
|
||||
if (try_tmpdir)
|
||||
{
|
||||
d = __secure_getenv ("TMPDIR");
|
||||
d = __libc_secure_getenv ("TMPDIR");
|
||||
if (d != NULL && direxists (d))
|
||||
dir = d;
|
||||
else if (dir != NULL && direxists (dir))
|
||||
|
@ -1811,6 +1811,9 @@ GLIBC_2.16
|
||||
mbrtoc16 F
|
||||
mbrtoc32 F
|
||||
timespec_get F
|
||||
GLIBC_2.17
|
||||
GLIBC_2.17 A
|
||||
secure_getenv F
|
||||
GLIBC_2.2
|
||||
GLIBC_2.2 A
|
||||
_IO_adjust_wcolumn F
|
||||
|
@ -1,5 +1,4 @@
|
||||
/* Copyright (C) 1993-1995,1997,2000,2002-2005,2009,2011
|
||||
Free Software Foundation, Inc.
|
||||
/* Copyright (C) 1993-2012 Free Software Foundation, Inc.
|
||||
This file is part of the GNU C Library.
|
||||
|
||||
The GNU C Library is free software; you can redistribute it and/or
|
||||
@ -64,7 +63,7 @@ __libc_message (int do_abort, const char *fmt, ...)
|
||||
|
||||
/* Open a descriptor for /dev/tty unless the user explicitly
|
||||
requests errors on standard error. */
|
||||
const char *on_2 = __secure_getenv ("LIBC_FATAL_STDERR_");
|
||||
const char *on_2 = __libc_secure_getenv ("LIBC_FATAL_STDERR_");
|
||||
if (on_2 == NULL || *on_2 == '\0')
|
||||
fd = open_not_cancel_2 (_PATH_TTY, O_RDWR | O_NOCTTY | O_NDELAY);
|
||||
|
||||
|
@ -1772,6 +1772,9 @@ GLIBC_2.16
|
||||
mbrtoc16 F
|
||||
mbrtoc32 F
|
||||
timespec_get F
|
||||
GLIBC_2.17
|
||||
GLIBC_2.17 A
|
||||
secure_getenv F
|
||||
GLIBC_2.2
|
||||
GLIBC_2.2 A
|
||||
_IO_adjust_wcolumn F
|
||||
|
@ -78,6 +78,9 @@ GLIBC_2.16
|
||||
mbrtoc16 F
|
||||
mbrtoc32 F
|
||||
timespec_get F
|
||||
GLIBC_2.17
|
||||
GLIBC_2.17 A
|
||||
secure_getenv F
|
||||
GLIBC_2.3
|
||||
GLIBC_2.3 A
|
||||
_Exit F
|
||||
|
@ -1763,6 +1763,9 @@ GLIBC_2.16
|
||||
mbrtoc16 F
|
||||
mbrtoc32 F
|
||||
timespec_get F
|
||||
GLIBC_2.17
|
||||
GLIBC_2.17 A
|
||||
secure_getenv F
|
||||
GLIBC_2.2
|
||||
GLIBC_2.2 A
|
||||
_IO_adjust_wcolumn F
|
||||
|
@ -84,6 +84,9 @@ GLIBC_2.16
|
||||
mbrtoc16 F
|
||||
mbrtoc32 F
|
||||
timespec_get F
|
||||
GLIBC_2.17
|
||||
GLIBC_2.17 A
|
||||
secure_getenv F
|
||||
GLIBC_2.2
|
||||
GLIBC_2.2 A
|
||||
_Exit F
|
||||
|
@ -84,6 +84,9 @@ GLIBC_2.16
|
||||
mbrtoc16 F
|
||||
mbrtoc32 F
|
||||
timespec_get F
|
||||
GLIBC_2.17
|
||||
GLIBC_2.17 A
|
||||
secure_getenv F
|
||||
GLIBC_2.2
|
||||
GLIBC_2.2 A
|
||||
_Exit F
|
||||
|
@ -1768,6 +1768,9 @@ GLIBC_2.16
|
||||
sys_errlist D 0x220
|
||||
sys_nerr D 0x4
|
||||
timespec_get F
|
||||
GLIBC_2.17
|
||||
GLIBC_2.17 A
|
||||
secure_getenv F
|
||||
GLIBC_2.2
|
||||
GLIBC_2.2 A
|
||||
_IO_adjust_wcolumn F
|
||||
|
@ -89,6 +89,9 @@ GLIBC_2.16
|
||||
sys_errlist D 0x440
|
||||
sys_nerr D 0x4
|
||||
timespec_get F
|
||||
GLIBC_2.17
|
||||
GLIBC_2.17 A
|
||||
secure_getenv F
|
||||
GLIBC_2.2
|
||||
GLIBC_2.2 A
|
||||
_Exit F
|
||||
|
@ -80,6 +80,9 @@ GLIBC_2.16
|
||||
mbrtoc16 F
|
||||
mbrtoc32 F
|
||||
timespec_get F
|
||||
GLIBC_2.17
|
||||
GLIBC_2.17 A
|
||||
secure_getenv F
|
||||
GLIBC_2.2.5
|
||||
GLIBC_2.2.5 A
|
||||
_Exit F
|
||||
|
@ -2078,3 +2078,6 @@ GLIBC_2.16
|
||||
xencrypt F
|
||||
xprt_register F
|
||||
xprt_unregister F
|
||||
GLIBC_2.17
|
||||
GLIBC_2.17 A
|
||||
secure_getenv F
|
||||
|
Loading…
Reference in New Issue
Block a user