From: Karel Zak Date: Tue, 20 May 2025 18:08:09 +0000 (+0200) Subject: treewide: improve getauxval(AT_SECURE) usage X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=78914c80540663e666841713b3a3ef7ae5396e05;p=thirdparty%2Futil-linux.git treewide: improve getauxval(AT_SECURE) usage Let's enhance portability and readability slightly. Signed-off-by: Karel Zak --- diff --git a/configure.ac b/configure.ac index 68a8f54d9..0e11650ae 100644 --- a/configure.ac +++ b/configure.ac @@ -370,6 +370,7 @@ AC_CHECK_HEADERS([ \ stdint.h \ stdio_ext.h \ stdlib.h \ + sys/auxv.h \ sys/disk.h \ sys/disklabel.h \ sys/endian.h \ @@ -618,6 +619,7 @@ AC_CHECK_FUNCS([ \ fsopen \ fspick \ fsync \ + getauxval \ getdomainname \ getdtablesize \ getexecname \ diff --git a/include/c.h b/include/c.h index 50e34a120..c4c73ce9d 100644 --- a/include/c.h +++ b/include/c.h @@ -10,6 +10,7 @@ #include #include #include +#include #include #include #include @@ -37,6 +38,10 @@ # define NAME_MAX PATH_MAX #endif +#ifndef HAVE_SYS_AUXV_H +# include +#endif + #define BIT(n) (1 << (n)) /* @@ -446,6 +451,15 @@ fail: return errno ? -errno : -1; } +static inline bool is_privileged_execution(void) +{ +#if defined(HAVE_GETAUXVAL) && defined(AT_SECURE) + return getauxval(AT_SECURE) != 0; +#else + return (geteuid() != getuid()) || (getegid() != getgid()); +#endif +} + /* * The usleep function was marked obsolete in POSIX.1-2001 and was removed * in POSIX.1-2008. It was replaced with nanosleep() that provides more diff --git a/include/debug.h b/include/debug.h index a59de3442..b6c0e1a92 100644 --- a/include/debug.h +++ b/include/debug.h @@ -36,7 +36,8 @@ #include #include -#include // for getauxval() + +#include "c.h" struct ul_debug_maskname { const char *name; 
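Review bot: In include/c.h, the block added above `#define BIT(n)` is guarded by `#ifndef HAVE_SYS_AUXV_H`, so the include runs only when the build did not detect the header. The header name is lost on this page, but if it is `sys/auxv.h` the test looks inverted and should read `#ifdef HAVE_SYS_AUXV_H`. With the guard as written, a system that has the header may never see `AT_SECURE` defined, and `is_privileged_execution()` would then compile to its uid/gid fallback without any build warning.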
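Review bot: The `#else` branch of `is_privileged_execution()` in include/c.h is weaker than the `AT_SECURE` test it replaces, and nothing in the function says so. `AT_SECURE` is set by the kernel at exec time and also covers binaries that gain file capabilities or are flagged by an LSM. The `geteuid() != getuid()` comparison sees only the current ids, so it misses those cases and turns false after a permanent privilege drop. Callers that gate trust on it, such as `safe_getenv()` in lib/env.c and `mnt_new_context()` in libmount/src/context.c, inherit that gap on fallback builds. I would add a comment above the function, for example `/* Fallback checks current uid/gid only: no file capabilities, and false once privileges are dropped. */`.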
@@ -90,7 +91,7 @@ struct ul_debug_maskname { } else \ lib ## _debug_mask = mask; \ if (lib ## _debug_mask) { \ - if (getauxval(AT_SECURE)) { \ + if (is_privileged_execution()) { \ lib ## _debug_mask |= __UL_DEBUG_FL_NOADDR; \ fprintf(stderr, "%d: %s: don't print memory addresses (SUID executable).\n", getpid(), # lib); \ } \ diff --git a/lib/env.c b/lib/env.c index 3fc4f2e21..dc65c5584 100644 --- a/lib/env.c +++ b/lib/env.c @@ -16,7 +16,6 @@ #include #endif #include -#include // for getauxval() #include #include "env.h" @@ -261,7 +260,7 @@ void sanitize_env(void) char *safe_getenv(const char *arg) { - if (getauxval(AT_SECURE)) + if (is_privileged_execution()) return NULL; #ifdef HAVE_PRCTL if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 0) diff --git a/libmount/src/context.c b/libmount/src/context.c index 84e98aa3f..46bbe378a 100644 --- a/libmount/src/context.c +++ b/libmount/src/context.c @@ -42,7 +42,6 @@ #include "match.h" #include -#include // for getauxval() #include #include "mount-api-utils.h" @@ -77,7 +76,7 @@ struct libmnt_context *mnt_new_context(void) INIT_LIST_HEAD(&cxt->hooksets_datas); /* if we're really root and aren't running setuid */ - cxt->restricted = (uid_t) 0 == ruid && !getauxval(AT_SECURE) ? 0 : 1; + cxt->restricted = (uid_t) 0 == ruid && !is_privileged_execution() ? 0 : 1; cxt->noautofs = 0; diff --git a/login-utils/chfn.c b/login-utils/chfn.c index adfa3d63a..059432b3d 100644 --- a/login-utils/chfn.c +++ b/login-utils/chfn.c @@ -29,7 +29,6 @@ #include #include #include -#include // for getauxval() #include #include @@ -270,7 +269,7 @@ static void get_login_defs(struct chfn_control *ctl) int broken = 0; /* real root does not have restrictions */ - if (!getauxval(AT_SECURE) && getuid() == 0) { + if (!is_privileged_execution() && getuid() == 0) { ctl->allow_fullname = ctl->allow_room = ctl->allow_work = ctl->allow_home = 1; return; } 
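Review bot: The assignment `cxt->restricted = (uid_t) 0 == ruid && !is_privileged_execution() ? 0 : 1;` in `mnt_new_context()` relies on `&&` binding tighter than `?:`, which is hard to read for a line that decides whether the caller is restricted. The same expression is the return statement of `is_not_root()` in login-utils/su-common.c. Since the line is being touched anyway, I would write `cxt->restricted = !(ruid == 0 && !is_privileged_execution());`, which yields the same 0/1 value. `mnt_new_context()` starts and ends outside the hunk, so `ruid` is assumed to come from `getuid()` as it does in the su-common.c hunk.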
@@ -450,7 +449,7 @@ int main(int argc, char **argv) #ifdef HAVE_LIBUSER /* If we're setuid and not really root, disallow the password change. */ - if (getauxval(AT_SECURE) && uid != ctl.pw->pw_uid) { + if (is_privileged_execution() && uid != ctl.pw->pw_uid) { #else if (uid != 0 && uid != ctl.pw->pw_uid) { #endif diff --git a/login-utils/chsh.c b/login-utils/chsh.c index 490d51864..3850bb843 100644 --- a/login-utils/chsh.c +++ b/login-utils/chsh.c @@ -29,7 +29,6 @@ #include #include #include -#include // for getauxval() #include #include @@ -244,7 +243,7 @@ int main(int argc, char **argv) /* reality check */ #ifdef HAVE_LIBUSER /* If we're setuid and not really root, disallow the password change. */ - if (getauxval(AT_SECURE) && uid != pw->pw_uid) { + if (is_privileged_execution() && uid != pw->pw_uid) { #else if (uid != 0 && uid != pw->pw_uid) { #endif diff --git a/login-utils/su-common.c b/login-utils/su-common.c index ad415cfb5..4f2856e60 100644 --- a/login-utils/su-common.c +++ b/login-utils/su-common.c @@ -23,7 +23,6 @@ */ #include #include -#include // for getauxval() #include #include #include @@ -930,7 +929,7 @@ static int is_not_root(void) const uid_t ruid = getuid(); /* if we're really root and aren't running setuid */ - return (uid_t) 0 == ruid && !getauxval(AT_SECURE) ? 0 : 1; + return (uid_t) 0 == ruid && !is_privileged_execution() ? 0 : 1; } /* Don't rely on PAM and reset the most important limits. */ diff --git a/meson.build b/meson.build index e225454d7..1e1df913e 100644 --- a/meson.build +++ b/meson.build @@ -238,6 +238,7 @@ headers = ''' security/pam_appl.h security/pam_misc.h security/pam_modules.h + sys/auxv.h sys/disk.h sys/disklabel.h sys/endian.h @@ -611,6 +612,7 @@ funcs = ''' fsync getttynam utimensat + getauxval getdomainname getdtablesize getexecname diff --git a/sys-utils/swapon.c b/sys-utils/swapon.c index 0a8c40407..741812041 100644 --- a/sys-utils/swapon.c +++ b/sys-utils/swapon.c 
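Review bot: The comment above the `HAVE_LIBUSER` check in chfn.c `main()` still reads "If we're setuid and not really root, disallow the password change", which no longer describes the condition. The new test is `is_privileged_execution() && uid != ctl.pw->pw_uid`, which has no explicit root test and is not about passwords; chsh.c carries the same comment on `uid != pw->pw_uid`. I would reword it to state what is enforced, e.g. `/* Privileged execution (see is_privileged_execution()): only the caller's own entry may be changed. */`. `uid` is assigned outside both hunks, so whether it holds the real uid cannot be confirmed from here.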
@@ -20,7 +20,6 @@ #include #include #include -#include // for getauxval() #include #include #include @@ -349,7 +348,7 @@ static int swap_reinitialize(struct swap_device *dev) return -1; case 0: /* child */ - if (getauxval(AT_SECURE) && drop_permissions() != 0) + if (is_privileged_execution() && drop_permissions() != 0) exit(EXIT_FAILURE); cmd[idx++] = "mkswap"; diff --git a/term-utils/wall.c b/term-utils/wall.c index fbd8e54fb..c6067a0c8 100644 --- a/term-utils/wall.c +++ b/term-utils/wall.c @@ -42,7 +42,6 @@ * */ -#include // for getauxval() #include #include #include @@ -414,8 +413,7 @@ static char *makemsg(char *fname, char **mvec, int mvecsz, * After all, our invoker can easily do "wall < file" * instead of "wall file". */ - uid_t uid = getuid(); - if (uid && getauxval(AT_SECURE)) + if (getuid() && is_privileged_execution()) errx(EXIT_FAILURE, _("will not read %s - use stdin."), fname); diff --git a/text-utils/more.c b/text-utils/more.c index 22f01ba24..d87af4354 100644 --- a/text-utils/more.c +++ b/text-utils/more.c @@ -50,7 +50,6 @@ #include #include #include -#include // for getauxval() #include #include #include @@ -1274,8 +1273,7 @@ static void __attribute__((__format__ (__printf__, 3, 4))) } va_end(argp); - if (getauxval(AT_SECURE) - && drop_permissions() != 0) + if (is_privileged_execution() && drop_permissions() != 0) err(EXIT_FAILURE, _("drop permissions failed")); execvp(cmd, args);