Unconditional use of getenv is not secure in setuid env.
While not all libvirt code runs in a setuid env (since
much of it only exists inside libvirtd) this is not always
clear to developers. So make all the code paranoid, even
if it only ever runs inside libvirtd.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
goto cleanup;
}
- config_home = getenv("XDG_CONFIG_HOME");
+ config_home = virGetEnvBlockSUID("XDG_CONFIG_HOME");
if (config_home && config_home[0] != '\0') {
if (VIR_STRDUP(xdg_dir, config_home) < 0)
goto cleanup;
#include "driver.h"
#include "viralloc.h"
#include "virlog.h"
+#include "virutil.h"
#include "configmake.h"
#include "virstring.h"
void
virDriverModuleInitialize(const char *defmoddir)
{
- const char *custommoddir = getenv("LIBVIRT_DRIVER_DIR");
+ const char *custommoddir = virGetEnvBlockSUID("LIBVIRT_DRIVER_DIR");
if (custommoddir)
moddir = custommoddir;
else if (defmoddir)
{
int ret = -1;
virConfValuePtr value = NULL;
- char *defname = getenv("LIBVIRT_DEFAULT_URI");
+ const char *defname = virGetEnvBlockSUID("LIBVIRT_DEFAULT_URI");
if (defname && *defname) {
VIR_DEBUG("Using LIBVIRT_DEFAULT_URI '%s'", defname);
*name = defname;
VIR_DEBUG("Setting up networking from systemd");
- if (!(pidstr = getenv("LISTEN_PID"))) {
+ if (!(pidstr = virGetEnvAllowSUID("LISTEN_PID"))) {
VIR_DEBUG("No LISTEN_FDS from systemd");
return 0;
}
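Review bot: The systemd activation lookups (`LISTEN_PID` here, `LISTEN_FDS` in the next hunk) use `virGetEnvAllowSUID` with no comment saying why these variables are safe to honor in a setuid process, which sits oddly with the commit message's aim of making all code paranoid. They decide which inherited descriptors the process adopts as listening sockets, so if this path is only reached inside the daemon (not visible from the hunk), `virGetEnvBlockSUID` would cost nothing. Otherwise I would add a one-line justification above each call, in the form `/* AllowSUID: <reason this variable is safe to honor when setuid> */`. The same applies to `LIBVIRT_GNUTLS_DEBUG` in the TLS context hunk. The enclosing function starts and ends outside the hunk.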
return 0;
}
- if (!(fdstr = getenv("LISTEN_FDS"))) {
+ if (!(fdstr = virGetEnvAllowSUID("LISTEN_FDS"))) {
VIR_DEBUG("No LISTEN_FDS from systemd");
return 0;
}
static const char *
virLockManagerLockDaemonFindDaemon(void)
{
- const char *customDaemon = getenv("VIRTLOCKD_PATH");
+ const char *customDaemon = virGetEnvBlockSUID("VIRTLOCKD_PATH");
if (customDaemon)
return customDaemon;
void *handle = NULL;
virLockDriverPtr driver;
virLockManagerPluginPtr plugin = NULL;
- const char *moddir = getenv("LIBVIRT_LOCK_MANAGER_PLUGIN_DIR");
+ const char *moddir = virGetEnvBlockSUID("LIBVIRT_LOCK_MANAGER_PLUGIN_DIR");
char *modfile = NULL;
char *configFile = NULL;
void *opaque ATTRIBUTE_UNUSED)
{
virCapsPtr caps = NULL;
- char *ld;
+ const char *ld;
virLXCDriverConfigPtr cfg = NULL;
/* Valgrind gets very annoyed when we clone containers, so
* disable LXC when under valgrind
* XXX remove this when valgrind is fixed
*/
- ld = getenv("LD_PRELOAD");
+ ld = virGetEnvBlockSUID("LD_PRELOAD");
if (ld && strstr(ld, "vgpreload")) {
VIR_INFO("Running under valgrind, disabling driver");
return 0;
NULL
};
size_t i;
- const char *customDaemon = getenv("LIBVIRTD_PATH");
+ const char *customDaemon = virGetEnvBlockSUID("LIBVIRTD_PATH");
if (customDaemon)
return customDaemon;
{
struct private_data *priv;
int ret, rflags = 0;
- const char *autostart = getenv("LIBVIRT_AUTOSTART");
+ const char *autostart = virGetEnvBlockSUID("LIBVIRT_AUTOSTART");
if (inside_daemon && (!conn->uri || (conn->uri && !conn->uri->server)))
return VIR_DRV_OPEN_DECLINED;
bool isServer)
{
virNetTLSContextPtr ctxt;
- char *gnutlsdebug;
+ const char *gnutlsdebug;
int err;
if (virNetTLSContextInitialize() < 0)
if (!(ctxt = virObjectLockableNew(virNetTLSContextClass)))
return NULL;
- if ((gnutlsdebug = getenv("LIBVIRT_GNUTLS_DEBUG")) != NULL) {
+ if ((gnutlsdebug = virGetEnvAllowSUID("LIBVIRT_GNUTLS_DEBUG")) != NULL) {
int val;
if (virStrToLong_i(gnutlsdebug, NULL, 10, &val) < 0)
val = 10;
{
int ret = -1;
size_t i;
- const char *authenv = getenv("LIBVIRT_AUTH_FILE");
+ const char *authenv = virGetEnvBlockSUID("LIBVIRT_AUTH_FILE");
char *userdir = NULL;
*path = NULL;
char *
virFindFileInPath(const char *file)
{
+ const char *origpath = NULL;
char *path = NULL;
char *pathiter;
char *pathseg;
}
/* copy PATH env so we can tweak it */
- path = getenv("PATH");
+ origpath = virGetEnvBlockSUID("PATH");
+ if (!origpath)
+ origpath = "/bin:/usr/bin";
- if (VIR_STRDUP_QUIET(path, path) <= 0)
+ if (VIR_STRDUP_QUIET(path, origpath) <= 0)
return NULL;
/* for each path segment, append the file to search for and test for
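Review bot: The `/bin:/usr/bin` fallback is taken both when the process is setuid and when PATH is simply unset, so a non-setuid caller with no PATH now searches two fixed directories where the removed `<= 0` check appears to have returned NULL. That change is not mentioned in the commit message, and the comment above still says `copy PATH env so we can tweak it`. The literal also omits `/sbin` and `/usr/sbin`, so lookups of administrative binaries would fail under the fallback; worth confirming that is intended. I would reword the comment to something like `/* PATH is ignored when setuid or unset; search a fixed default list instead */` and give the literal a named constant. The function body starts before and continues past this hunk.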
void
virLogSetFromEnv(void)
{
- char *debugEnv;
+ const char *debugEnv;
if (virLogInitialize() < 0)
return;
- debugEnv = getenv("LIBVIRT_DEBUG");
+ debugEnv = virGetEnvAllowSUID("LIBVIRT_DEBUG");
if (debugEnv && *debugEnv)
virLogParseDefaultPriority(debugEnv);
- debugEnv = getenv("LIBVIRT_LOG_FILTERS");
+ debugEnv = virGetEnvAllowSUID("LIBVIRT_LOG_FILTERS");
if (debugEnv && *debugEnv)
virLogParseFilters(debugEnv);
- debugEnv = getenv("LIBVIRT_LOG_OUTPUTS");
+ debugEnv = virGetEnvAllowSUID("LIBVIRT_LOG_OUTPUTS");
if (debugEnv && *debugEnv)
virLogParseOutputs(debugEnv);
}
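Review bot: `LIBVIRT_LOG_OUTPUTS` is read with `virGetEnvAllowSUID`, yet a log output specification can name a file destination, so under setuid the invoking user would choose a path the privileged process writes to. The same commit blocks `VIRSH_LOG_FILE` in vshInitDebug, apparently for this reason. Unless `virLogParseOutputs` (not shown) already restricts destinations when setuid, I would read this one with `virGetEnvBlockSUID("LIBVIRT_LOG_OUTPUTS")`. Failing that, a comment above the call should state where the restriction is enforced.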
/* Normally we want a decent seed. But if reproducible debugging
* of a fixed pseudo-random sequence is ever required, uncomment
* this block to let an environment variable force the seed. */
- const char *debug = getenv("VIR_DEBUG_RANDOM_SEED");
+ const char *debug = virGetEnvBlockSUID("VIR_DEBUG_RANDOM_SEED");
if (debug && virStrToLong_ui(debug, NULL, 0, &seed) < 0)
return -1;
static char *virGetXDGDirectory(const char *xdgenvname, const char *xdgdefdir)
{
- const char *path = getenv(xdgenvname);
+ const char *path = virGetEnvBlockSUID(xdgenvname);
char *ret = NULL;
char *home = NULL;
char *virGetUserRuntimeDirectory(void)
{
- const char *path = getenv("XDG_RUNTIME_DIR");
+ const char *path = virGetEnvBlockSUID("XDG_RUNTIME_DIR");
if (!path || !path[0]) {
return virGetUserCacheDirectory();
const char *dir;
char *ret;
- dir = getenv("HOME");
+ dir = virGetEnvBlockSUID("HOME");
/* Only believe HOME if it is an absolute path and exists */
if (dir) {
if (!dir)
/* USERPROFILE is probably the closest equivalent to $HOME? */
- dir = getenv("USERPROFILE");
+ dir = virGetEnvBlockSUID("USERPROFILE");
if (VIR_STRDUP(ret, dir) < 0)
return NULL;
"/usr/local/lib/VirtualBox",
"/Applications/VirtualBox.app/Contents/MacOS"
};
- const char *home = getenv("VBOX_APP_HOME");
+ const char *home = virGetEnvBlockSUID("VBOX_APP_HOME");
/* If the user specifies the location, try only that. */
if (home != NULL) {
vboxIID iid = VBOX_IID_INITIALIZER;
int gotAllABoutDef = -1;
nsresult rc;
- char *tmp;
/* Flags checked by virDomainDefFormat */
}
} else if ((vrdpPresent != 1) && (totalPresent == 0) && (VIR_ALLOC_N(def->graphics, 1) >= 0)) {
if (VIR_ALLOC(def->graphics[def->ngraphics]) >= 0) {
+ const char *tmp;
def->graphics[def->ngraphics]->type = VIR_DOMAIN_GRAPHICS_TYPE_DESKTOP;
- tmp = getenv("DISPLAY");
+ tmp = virGetEnvBlockSUID("DISPLAY");
if (VIR_STRDUP(def->graphics[def->ngraphics]->data.desktop.display, tmp) < 0) {
/* just don't go to cleanup yet as it is ok to have
* display as NULL
{
virFreeError(last_error);
last_error = virSaveLastError();
- if (getenv("VIRSH_DEBUG") != NULL)
+ if (virGetEnvAllowSUID("VIRSH_DEBUG") != NULL)
virDefaultErrorFunc(error);
}
int fd;
char ebuf[1024];
- tmpdir = getenv("TMPDIR");
+ tmpdir = virGetEnvBlockSUID("TMPDIR");
if (!tmpdir) tmpdir = "/tmp";
if (virAsprintf(&ret, "%s/virshXXXXXX.xml", tmpdir) < 0) {
vshError(ctl, "%s", _("out of memory"));
int outfd = STDOUT_FILENO;
int errfd = STDERR_FILENO;
- editor = getenv("VISUAL");
+ editor = virGetEnvBlockSUID("VISUAL");
if (!editor)
- editor = getenv("EDITOR");
+ editor = virGetEnvBlockSUID("EDITOR");
if (!editor)
editor = "vi"; /* could be cruel & default to ed(1) here */
static void
vshInitDebug(vshControl *ctl)
{
- char *debugEnv;
+ const char *debugEnv;
if (ctl->debug == VSH_DEBUG_DEFAULT) {
/* log level not set from commandline, check env variable */
- debugEnv = getenv("VIRSH_DEBUG");
+ debugEnv = virGetEnvAllowSUID("VIRSH_DEBUG");
if (debugEnv) {
int debug;
if (virStrToLong_i(debugEnv, NULL, 10, &debug) < 0 ||
if (ctl->logfile == NULL) {
/* log file not set from cmdline */
- debugEnv = getenv("VIRSH_LOG_FILE");
+ debugEnv = virGetEnvBlockSUID("VIRSH_LOG_FILE");
if (debugEnv && *debugEnv) {
ctl->logfile = vshStrdup(ctl, debugEnv);
vshOpenLogFile(ctl);
main(int argc, char **argv)
{
vshControl _ctl, *ctl = &_ctl;
- char *defaultConn;
+ const char *defaultConn;
bool ret = true;
memset(ctl, 0, sizeof(vshControl));
else
progname++;
- if ((defaultConn = getenv("VIRSH_DEFAULT_CONNECT_URI"))) {
+ if ((defaultConn = virGetEnvBlockSUID("VIRSH_DEFAULT_CONNECT_URI"))) {
ctl->name = vshStrdup(ctl, defaultConn);
}