git.ipfire.org Git - thirdparty/util-linux.git/blob - lib/env.c
2 * Security checks of environment
3 * Added from shadow-utils package
4 * by Arkadiusz Miśkiewicz <misiek@pld.ORG.PL>
11 #ifdef HAVE_SYS_PRCTL_H
12 #include <sys/prctl.h>
14 #define PR_GET_DUMPABLE 3
16 #if (!defined(HAVE_PRCTL) && defined(linux))
17 #include <sys/syscall.h>
20 #include <sys/types.h>
24 #ifndef HAVE_ENVIRON_DECL
25 extern char **environ
;
/*
 * Prefixes compared against the start of each environ entry by the first
 * loop below, using strncmp() over strlen(prefix) bytes.  A prefix that
 * ends in '=' can only match that one variable name; a prefix without
 * '=' matches every variable whose name begins with it.
 * Only part of the table appears in this listing.
 */
28 static char * const forbid
[] = {
29 "BASH_ENV=", /* GNU creeping featurism strikes again... */
34 "LD_", /* anything with the LD_ prefix */
44 /* these are allowed, but with no slashes inside
45 (to work around security problems in GNU gettext) */
/* Matched by prefix in the second loop below; the '/' search there is
 * strchr() over the whole entry string, name and value together.
 * Only part of the table appears in this listing. */
46 static char * const noslash
[] = {
49 "LC_", /* anything with the LC_ prefix */
/* Work directly on the process-wide environ array, not on a copy. */
56 char **envp
= environ
;
/*
 * Pass 1: compare every entry with every forbid[] prefix.  On a match the
 * innermost loop walks `move` from the matching slot up to the terminating
 * NULL; its body is not shown in this listing -- presumably it shifts the
 * following entries down to drop the match (TODO confirm against the file).
 * NOTE(review): this is a deny-list, so a variable that matches no prefix
 * is left in the environment untouched.
 */
61 for (cur
= envp
; *cur
; cur
++) {
62 for (bad
= forbid
; *bad
; bad
++) {
63 if (strncmp(*cur
, *bad
, strlen(*bad
)) == 0) {
64 for (move
= cur
; *move
; move
++)
/*
 * Pass 2: the same scan over noslash[].  The strncmp() != 0 test and the
 * !strchr(*cur, '/') test each guard a statement that is not shown here
 * (presumably `continue`), so the `move` loop is presumably reached only
 * for an entry that has a listed prefix and contains a '/' -- TODO confirm.
 */
72 for (cur
= envp
; *cur
; cur
++) {
73 for (bad
= noslash
; *bad
; bad
++) {
74 if (strncmp(*cur
, *bad
, strlen(*bad
)) != 0)
76 if (!strchr(*cur
, '/'))
78 for (move
= cur
; *move
; move
++)
/*
 * Look up `arg` in the environment after uid/gid and dumpable-flag checks,
 * using secure_getenv() or __secure_getenv() where the build provides one.
 * The statements guarded by the checks, the fallback for builds with neither
 * function, and the end of the function are not shown in this listing; the
 * guarded statements are presumably `return NULL;` (TODO confirm).
 */
87 char *safe_getenv(const char *arg
)
89 uid_t ruid
= getuid();
/*
 * NOTE(review): `ruid != 0` is the first operand of the ||, so this
 * condition is true for every caller whose real uid is not 0, whatever the
 * euid and gid comparisons say; those two only matter when ruid is 0.  If
 * the guarded statement is the refusal path, an ordinary non-setuid user
 * never gets a value back -- confirm that this is intended.
 */
91 if (ruid
!= 0 || (ruid
!= geteuid()) || (getgid() != getegid()))
/* PR_GET_DUMPABLE returning 0 means the process is marked non-dumpable. */
94 if (prctl(PR_GET_DUMPABLE
, 0, 0, 0, 0) == 0)
/* Same query through the raw syscall number. */
97 #if (defined(linux) && defined(SYS_prctl))
98 if (syscall(SYS_prctl
, PR_GET_DUMPABLE
, 0, 0, 0, 0) == 0)
/* Prefer the C library's own secure lookup when configure found one. */
102 #ifdef HAVE_SECURE_GETENV
103 return secure_getenv(arg
);
104 #elif HAVE___SECURE_GETENV
105 return __secure_getenv(arg
);