Add GNU glibc compatible secure_getenv
Add mostly glibc and musl compatible secure_getenv. Return NULL if issetugid() indicates the process is tainted, otherwise getenv(x). The rationale behind this is the fact that many Linux applications use this function instead of getenv() as it's widely considered a "best practice". Reviewed by: imp, mjg (feedback) Pull Request: https://github.com/freebsd/freebsd-src/pull/686 Signed-off-by: Lucy Marsh <seafork@disroot.org>
parent
4f7b3120bc
commit
adeca21464
|
@ -111,6 +111,7 @@ void qsort(void *, size_t, size_t,
|
||||||
int (* _Nonnull)(const void *, const void *));
|
int (* _Nonnull)(const void *, const void *));
|
||||||
int rand(void);
|
int rand(void);
|
||||||
void *realloc(void *, size_t) __result_use_check __alloc_size(2);
|
void *realloc(void *, size_t) __result_use_check __alloc_size(2);
|
||||||
|
char *secure_getenv(const char *);
|
||||||
void srand(unsigned);
|
void srand(unsigned);
|
||||||
double strtod(const char * __restrict, char ** __restrict);
|
double strtod(const char * __restrict, char ** __restrict);
|
||||||
float strtof(const char * __restrict, char ** __restrict);
|
float strtof(const char * __restrict, char ** __restrict);
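Review bot: The `secure_getenv` prototype is inserted between `realloc` and `srand`, in what looks like the run of ISO C declarations, and no visibility guard is visible in the hunk. If that region is compiled unconditionally, a non-standard GNU name is exposed to strictly conforming programs, which are allowed to define their own `secure_getenv`. Consider moving the declaration into the part of the header guarded by `#if __BSD_VISIBLE`, alongside the other extensions. The surrounding preprocessor context lies outside the hunk, so this needs confirming against the full header.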
|
||||||
|
|
|
@ -46,8 +46,8 @@ MAN+= a64l.3 abort.3 abs.3 alloca.3 atexit.3 atof.3 \
|
||||||
MLINKS+=a64l.3 l64a.3 a64l.3 l64a_r.3
|
MLINKS+=a64l.3 l64a.3 a64l.3 l64a_r.3
|
||||||
MLINKS+=atol.3 atoll.3
|
MLINKS+=atol.3 atoll.3
|
||||||
MLINKS+=exit.3 _Exit.3
|
MLINKS+=exit.3 _Exit.3
|
||||||
MLINKS+=getenv.3 clearenv.3 getenv.3 putenv.3 getenv.3 setenv.3 \
|
MLINKS+=getenv.3 clearenv.3 getenv.3 putenv.3 getenv.3 secure_getenv.3 \
|
||||||
getenv.3 unsetenv.3
|
getenv.3 setenv.3 getenv.3 unsetenv.3
|
||||||
MLINKS+=getopt_long.3 getopt_long_only.3
|
MLINKS+=getopt_long.3 getopt_long_only.3
|
||||||
MLINKS+=hcreate.3 hdestroy.3 hcreate.3 hsearch.3
|
MLINKS+=hcreate.3 hdestroy.3 hcreate.3 hsearch.3
|
||||||
MLINKS+=hcreate.3 hcreate_r.3 hcreate.3 hdestroy_r.3 hcreate.3 hsearch_r.3
|
MLINKS+=hcreate.3 hcreate_r.3 hcreate.3 hdestroy_r.3 hcreate.3 hsearch_r.3
|
||||||
|
|
|
@ -128,6 +128,7 @@ FBSD_1.6 {
|
||||||
FBSD_1.7 {
|
FBSD_1.7 {
|
||||||
clearenv;
|
clearenv;
|
||||||
qsort_r;
|
qsort_r;
|
||||||
|
secure_getenv;
|
||||||
};
|
};
|
||||||
|
|
||||||
FBSDprivate_1.0 {
|
FBSDprivate_1.0 {
|
||||||
|
|
|
@ -32,13 +32,14 @@
|
||||||
.\" @(#)getenv.3 8.2 (Berkeley) 12/11/93
|
.\" @(#)getenv.3 8.2 (Berkeley) 12/11/93
|
||||||
.\" $FreeBSD$
|
.\" $FreeBSD$
|
||||||
.\"
|
.\"
|
||||||
.Dd November 7, 2021
|
.Dd March 13, 2023
|
||||||
.Dt GETENV 3
|
.Dt GETENV 3
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
.Nm clearenv ,
|
.Nm clearenv ,
|
||||||
.Nm getenv ,
|
.Nm getenv ,
|
||||||
.Nm putenv ,
|
.Nm putenv ,
|
||||||
|
.Nm secure_getenv ,
|
||||||
.Nm setenv ,
|
.Nm setenv ,
|
||||||
.Nm unsetenv
|
.Nm unsetenv
|
||||||
.Nd environment variable functions
|
.Nd environment variable functions
|
||||||
|
@ -50,6 +51,8 @@
|
||||||
.Fn clearenv "void"
|
.Fn clearenv "void"
|
||||||
.Ft char *
|
.Ft char *
|
||||||
.Fn getenv "const char *name"
|
.Fn getenv "const char *name"
|
||||||
|
.Ft char *
|
||||||
|
.Fn secure_getenv "const char *name"
|
||||||
.Ft int
|
.Ft int
|
||||||
.Fn setenv "const char *name" "const char *value" "int overwrite"
|
.Fn setenv "const char *name" "const char *value" "int overwrite"
|
||||||
.Ft int
|
.Ft int
|
||||||
|
@ -78,6 +81,20 @@ to by the
|
||||||
.Fn getenv
|
.Fn getenv
|
||||||
function.
|
function.
|
||||||
.Pp
|
.Pp
|
||||||
|
The GNU-specific function,
|
||||||
|
.Fn secure_getenv
|
||||||
|
wraps the
|
||||||
|
.Fn getenv
|
||||||
|
function to prevent it from being run in "secure execution".
|
||||||
|
Unlike in glibc,
|
||||||
|
.Fn secure_getenv
|
||||||
|
only checks if the
|
||||||
|
.Fa setuid
|
||||||
|
and
|
||||||
|
.Fa setgid
|
||||||
|
bits have been set or changed.
|
||||||
|
These checks are subject to extension and change.
|
||||||
|
.Pp
|
||||||
The
|
The
|
||||||
.Fn setenv
|
.Fn setenv
|
||||||
function inserts or resets the environment variable
|
function inserts or resets the environment variable
|
||||||
|
@ -139,6 +156,13 @@ is not in the current environment,
|
||||||
.Dv NULL
|
.Dv NULL
|
||||||
is returned.
|
is returned.
|
||||||
.Pp
|
.Pp
|
||||||
|
The
|
||||||
|
.Fn secure_getenv
|
||||||
|
function returns
|
||||||
|
.Dv NULL
|
||||||
|
if the process is in "secure execution," otherwise it will call
|
||||||
|
.Fn getenv .
|
||||||
|
.Pp
|
||||||
.Rv -std clearenv setenv putenv unsetenv
|
.Rv -std clearenv setenv putenv unsetenv
|
||||||
.Sh ERRORS
|
.Sh ERRORS
|
||||||
.Bl -tag -width Er
|
.Bl -tag -width Er
|
||||||
|
|
|
@ -447,6 +447,18 @@ getenv(const char *name)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Runs getenv() unless the current process is tainted by uid or gid changes, in
|
||||||
|
* which case it will return NULL.
|
||||||
|
*/
|
||||||
|
char *
|
||||||
|
secure_getenv(const char *name)
|
||||||
|
{
|
||||||
|
if (issetugid())
|
||||||
|
return NULL;
|
||||||
|
return getenv(name);
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Set the value of a variable. Older settings are labeled as inactive. If an
|
* Set the value of a variable. Older settings are labeled as inactive. If an
|
||||||
* older setting has enough room to store the new value, it will be reused. No
|
* older setting has enough room to store the new value, it will be reused. No
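Review bot: The block comment above `secure_getenv` does not state the caller contract, which is the security-relevant part of this function. A NULL return cannot be told apart from an unset variable, so callers have to fall back to a safe built-in default, and only lookups routed through this function are filtered; `getenv()` and `environ` still hand back the untrusted values in a tainted process. I would add two lines to the comment, for example `* NULL is also returned when the variable is unset; callers must use a safe default.` and `* The taint test is issetugid() only, which is narrower than glibc's secure-execution check.` The function itself is complete within the hunk; the trailing comment lines belong to the next definition, which continues outside it.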
|
||||||
|
|