git.ipfire.org Git - thirdparty/util-linux.git/blob - lib/env.c
2 * Security checks of environment
3 * Added from shadow-utils package
4 * by Arkadiusz Miśkiewicz <misiek@pld.ORG.PL>
11 #ifdef HAVE_SYS_PRCTL_H
12 #include <sys/prctl.h>
14 #define PR_GET_DUMPABLE 3
16 #if (!defined(HAVE_PRCTL) && defined(linux))
17 #include <sys/syscall.h>
20 #include <sys/types.h>
24 #ifndef HAVE_ENVIRON_DECL
25 extern char **environ
;
/*
 * Deny-list of environment entries. Each string is used as a prefix: the
 * scan further down compares it with strncmp(entry, prefix, strlen(prefix)),
 * so an item ending in '=' names one exact variable, while an item without
 * '=' covers every variable whose name starts with it.
 * Background: BASH_ENV names a file bash reads when started
 * non-interactively, and the LD_ family (e.g. LD_PRELOAD, LD_LIBRARY_PATH)
 * is read by the dynamic linker.
 * NOTE(review): only some rows of the table appear in this listing.
 */
28 static char * const forbid
[] = {
30 "BASH_ENV=", /* GNU creeping featurism strikes again... */
35 "LD_", /* anything with the LD_ prefix */
/*
 * Second prefix table, matched the same way as forbid. The code that
 * consults it tests the whole entry with strchr(entry, '/'), so a slash
 * anywhere in the "NAME=value" string counts, not only one in the value.
 * NOTE(review): only part of the table appears in this listing.
 */
45 /* these are allowed, but with no slashes inside
46 (to work around security problems in GNU gettext) */
47 static char * const noslash
[] = {
50 "LC_", /* anything with the LC_ prefix */
/* The scan starts at the global environ array itself, not at a copy. */
57 char **envp
= environ
;
/*
 * Pass 1: every environment entry is compared against every forbid prefix.
 * On a match, move walks from the matching slot up to the terminating NULL.
 * NOTE(review): the body of the move loop is not shown in this listing;
 * presumably it shifts the following pointers down one slot to delete the
 * entry. Confirm, and confirm that the slot is examined again afterwards
 * so that two forbidden entries in a row are both removed.
 */
62 for (cur
= envp
; *cur
; cur
++) {
63 for (bad
= forbid
; *bad
; bad
++) {
64 if (strncmp(*cur
, *bad
, strlen(*bad
)) == 0) {
65 for (move
= cur
; *move
; move
++)
/*
 * Pass 2: the same walk using the noslash table. Both tests below are
 * negated (strncmp(...) != 0, !strchr(...)), which suggests guard clauses
 * that skip entries without a matching prefix or without a '/'; the guarded
 * statements are not visible here. Presumably only an entry that matches a
 * noslash prefix and contains '/' reaches the move loop - TODO confirm.
 */
73 for (cur
= envp
; *cur
; cur
++) {
74 for (bad
= noslash
; *bad
; bad
++) {
75 if (strncmp(*cur
, *bad
, strlen(*bad
)) != 0)
77 if (!strchr(*cur
, '/'))
79 for (move
= cur
; *move
; move
++)
/*
 * Look up arg in the environment after a series of privilege checks
 * (real/effective ids, then the process "dumpable" flag).
 * NOTE(review): the statements run when a check fires, and the end of the
 * function, fall outside this listing.
 */
88 char *safe_getenv(const char *arg
)
90 uid_t ruid
= getuid();
/*
 * True when the real uid is not 0, or real and effective uid differ, or
 * real and effective gid differ.
 * NOTE(review): because of the leading ruid != 0 term this holds for every
 * non-root caller, not only for set-uid/set-gid execution; the statement
 * it guards is not shown - confirm that this is the intended policy.
 */
92 if (ruid
!= 0 || (ruid
!= geteuid()) || (getgid() != getegid()))
/*
 * PR_GET_DUMPABLE returns the process's dumpable flag; 0 means core dumps
 * are disabled, which the kernel sets for set-uid/set-gid programs among
 * other cases (see prctl(2)).
 */
95 if (prctl(PR_GET_DUMPABLE
, 0, 0, 0, 0) == 0)
/* Same query issued through the raw system call. */
98 #if (defined(linux) && defined(SYS_prctl))
99 if (syscall(SYS_prctl
, PR_GET_DUMPABLE
, 0, 0, 0, 0) == 0)
/* With HAVE___SECURE_GETENV defined, the lookup is delegated to __secure_getenv(). */
104 #ifdef HAVE___SECURE_GETENV
105 return __secure_getenv(arg
);