The use of getenv is typically insecure, and we want people
to use our wrappers, to force them to think about setuid
needs.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit
71b21f12bece1127b28b404f11f57b4c2d48983a)
halt='Arrays in XDR must have a upper limit set for <NNN>' \
$(_sc_search_regexp)
+sc_prohibit_getenv:
+ @prohibit='\b(secure_)?getenv *\(' \
+ exclude='exempt from syntax-check' \
+ halt='Use virGetEnv{Allow,Block}SUID instead of getenv' \
+ $(_sc_search_regexp)
# We don't use this feature of maint.mk.
prev_version_file = /dev/null
exclude_file_name_regexp--sc_prohibit_int_ijk = \
^(src/remote_protocol-structs|src/remote/remote_protocol.x|cfg.mk|include/)$
+
+exclude_file_name_regexp--sc_prohibit_getenv = \
+ ^tests/.*\.[ch]$$
*/
const char *virGetEnvBlockSUID(const char *name)
{
- return secure_getenv(name);
+ return secure_getenv(name); /* exempt from syntax-check-rules */
}
*/
const char *virGetEnvAllowSUID(const char *name)
{
- return getenv(name);
+ return getenv(name); /* exempt from syntax-check-rules */
}
projects / thirdparty / libvirt.git / commitdiff
