Diffstat (limited to 'lib')
| -rw-r--r-- | lib/secure_getenv.c | 29 | ||||
| -rw-r--r-- | lib/verify.h | 2 |
2 files changed, 22 insertions, 9 deletions
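--- a/lib/secure_getenv.c
+++ b/lib/secure_getenv.c
@@ -1,4 +1,4 @@
-/* Look up an environment variable more securely.
+/* Look up an environment variable, returning NULL in insecure situations.
 
 Copyright 2013-2016 Free Software Foundation, Inc.
 
@@ -20,22 +20,35 @@
 #include <stdlib.h>
 
 #if !HAVE___SECURE_GETENV
-# if HAVE_ISSETUGID
+# if HAVE_ISSETUGID || (HAVE_GETUID && HAVE_GETEUID && HAVE_GETGID && HAVE_GETEGID)
 # include <unistd.h>
-# else
-# undef issetugid
-# define issetugid() 1
 # endif
 #endif
 
 char *
 secure_getenv (char const *name)
 {
-#if HAVE___SECURE_GETENV
+#if HAVE___SECURE_GETENV /* glibc */
 return __secure_getenv (name);
-#else
+#elif HAVE_ISSETUGID /* OS X, FreeBSD, NetBSD, OpenBSD */
 if (issetugid ())
-return 0;
+return NULL;
+return getenv (name);
+#elif HAVE_GETUID && HAVE_GETEUID && HAVE_GETGID && HAVE_GETEGID /* other Unix */
+if (geteuid () != getuid () || getegid () != getgid ())
+return NULL;
 return getenv (name);
+#elif (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__ /* native Windows */
+/* On native Windows, there is no such concept as setuid or setgid binaries.
+- Programs launched as system services have high privileges, but they don't
+inherit environment variables from a user.
+- Programs launched by a user with "Run as Administrator" have high
+privileges and use the environment variables, but the user has been asked
+whether he agrees.
+- Programs launched by a user without "Run as Administrator" cannot gain
+high privileges, therefore there is no risk. */
+return getenv (name);
+#else
+return NULL;
 #endif
 }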
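Review bot: The `geteuid () != getuid () || getegid () != getgid ()` test in the new "other Unix" branch is a weaker signal than the `issetugid ()` branch above it, and nothing in the code says so. It compares the IDs as they are at call time, so a set-ID program that has already made its real and effective IDs equal gets `getenv (name)` back even though the environment was supplied by the invoker. Before this change, platforms without `issetugid` always took the `return 0` path. I would document the limitation on that branch, for example `/* Unlike issetugid, this cannot tell that the process started set-ID once its real and effective IDs are equal; call before changing IDs. */`. Privilege that does not show up as an ID mismatch is presumably out of scope for this fallback, but that is worth stating in the same comment.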
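--- a/lib/verify.h
+++ b/lib/verify.h
@@ -263,7 +263,7 @@ template <int w>
 # define assume(R) ((R) ? (void) 0 : __builtin_unreachable ())
 #elif 1200 <= _MSC_VER
 # define assume(R) __assume (R)
-#elif (defined lint \
+#elif ((defined GCC_LINT || defined lint) \
 && (__has_builtin (__builtin_trap) \
 || 3 < __GNUC__ + (3 < __GNUC_MINOR__ + (4 <= __GNUC_PATCHLEVEL__))))
 /* Doing it this way helps various packages when configured with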