Beispiel #1
/* Look up NAME in the environment, but only when the process is not
   running with elevated privileges; in a privileged process return NULL
   instead, so that a variable supplied by the invoking user is never
   acted upon.  Which privilege check is used depends on what configure
   detected.  When no check is available at all, the function fails
   closed and always returns NULL.  */
char *
secure_getenv (char const *name)
{
#if HAVE___SECURE_GETENV /* glibc */
  /* The C library already provides the filtered lookup.  */
  return __secure_getenv (name);
#elif HAVE_ISSETUGID /* OS X, FreeBSD, NetBSD, OpenBSD */
  /* A nonzero issetugid () means the environment must not be trusted.  */
  return issetugid () ? NULL : getenv (name);
#elif HAVE_GETUID && HAVE_GETEUID && HAVE_GETGID && HAVE_GETEGID /* other Unix */
  /* Trust the environment only while the effective and real IDs agree.
     NOTE(review): this sees nothing but an ID mismatch; privilege that
     does not show up as one is not detected by this branch.  */
  return (geteuid () == getuid () && getegid () == getgid ())
         ? getenv (name)
         : NULL;
#elif (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__ /* native Windows */
  /* Native Windows has no notion of setuid or setgid binaries:
     - A program started as a system service runs with high privileges
       but does not inherit a user's environment variables.
     - A program started through "Run as Administrator" runs with high
       privileges and does use the user's environment variables, but
       the user was asked to agree first.
     - A program started without "Run as Administrator" cannot gain
       high privileges, so there is no risk.  */
  return getenv (name);
#else
  /* No way to tell whether the process is privileged: refuse.  */
  return NULL;
#endif
}
Beispiel #2
/*
 * Report whether this process has to be treated as set-user-ID or
 * set-group-ID.  Every path that cannot answer the question returns
 * TRUE, so an unknown state is handled as "privileged".
 */
static Bool
IdIsSetUGid(void)
{
#if defined(__ANDROID__)
   /* No secure_getenv on Android, so assume the worst. */
   return TRUE;
#elif defined(__GLIBC__) && \
           (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 16))
   /*
    * glibc 2.16 or newer: read AT_SECURE from the auxiliary vector.
    * This is the preferred method; it is not available before 2.16.
    */
   return getauxval(AT_SECURE) != 0;
#else
   /*
    * Older glibc: infer the answer from __secure_getenv, which returns
    * NULL if the binary is setuid or setgid.  __libc_enable_secure would
    * be an alternative, but it may not be exported.
    *
    * The probe variable is written into the process environment and is
    * left there afterwards.
    */
   static const char probeVar[] = "VMW_SETUGID_TEST";

   if (setenv(probeVar, "1", TRUE) == -1) {
      /* The probe could not be set up, so stay conservative. */
      return TRUE;
   }
   return __secure_getenv(probeVar) == NULL;
#endif
}
Beispiel #3
/*
 * Fetch the environment variable ARG, going through __secure_getenv()
 * when the build detected it.
 *
 * NOTE(review): on builds without __secure_getenv() the lookup is a plain
 * getenv() with no privilege check at all, so a caller running in a
 * set-user-ID or set-group-ID context gets no filtering there.
 */
char *mk_utils_getenv(const char *arg)
{
    char *value;

#ifdef HAVE___SECURE_GETENV
    value = __secure_getenv(arg);
#else
    value = getenv(arg);
#endif

    return value;
}
Beispiel #4
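/* Path search algorithm, for tmpnam, tmpfile, etc.  Copies into TMPL a
   template of the form "<dir>/<pfx>XXXXXX", suitable for use with
   mk[s]temp.

   TMPL      destination buffer for the template.
   TMPL_LEN  size of TMPL in bytes.
   DIR       directory to use.  A non-null DIR is taken as given; it is
             not checked for existence in this build.  If DIR is null,
             the first of P_tmpdir and /tmp that exists is used.
   PFX       file name prefix; at most its first 5 characters are used,
             and "file" is substituted when it is null or empty.

   $TMPDIR is deliberately not consulted: the code that honoured it is
   compiled out below, so the environment cannot redirect where
   temporary files are created.

   Returns 0 on success.  Returns -1 with errno set to ENOENT if DIR is
   null and neither default directory exists, or to EINVAL if TMPL is
   too small for the result.  */
int attribute_hidden ___path_search (char *tmpl, size_t tmpl_len, const char *dir,
	const char *pfx /*, int try_tmpdir*/)
{
    /*const char *d; */
    size_t dlen, plen;
    char *out;

    if (!pfx || !pfx[0])
    {
	pfx = "file";
	plen = 4;
    }
    else
    {
	plen = strlen (pfx);
	if (plen > 5)
	    plen = 5;
    }

    /* Disable support for $TMPDIR */
#if 0
    if (try_tmpdir)
    {
	d = __secure_getenv ("TMPDIR");
	if (d != NULL && direxists (d))
	    dir = d;
	else if (dir != NULL && direxists (dir))
	    /* nothing */ ;
	else
	    dir = NULL;
    }
#endif
    if (dir == NULL)
    {
	if (direxists (P_tmpdir))
	    dir = P_tmpdir;
	else if (strcmp (P_tmpdir, "/tmp") != 0 && direxists ("/tmp"))
	    dir = "/tmp";
	else
	{
	    __set_errno (ENOENT);
	    return -1;
	}
    }

    dlen = strlen (dir);
    while (dlen > 1 && dir[dlen - 1] == '/')
	dlen--;			/* remove trailing slashes */

    /* check we have room for "${dir}/${pfx}XXXXXX\0" */
    if (tmpl_len < dlen + 1 + plen + 6 + 1)
    {
	__set_errno (EINVAL);
	return -1;
    }

    /* Assemble the template with bounded copies.  The earlier
       sprintf ("%.*s/%.*sXXXXXX", dlen, dir, plen, pfx) passed size_t
       values where "%.*s" expects an int precision, which is undefined
       behaviour wherever the two types differ in width.  The lengths
       copied here are exactly the ones the size check above covered.  */
    out = tmpl;
    memcpy (out, dir, dlen);
    out += dlen;
    *out++ = '/';
    memcpy (out, pfx, plen);
    out += plen;
    memcpy (out, "XXXXXX", sizeof "XXXXXX");	/* copies the NUL too */
    return 0;
}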
Beispiel #5
/* Return the value of the environment variable NAME, or a null pointer
   when the process must not trust its environment.  The C library's
   __secure_getenv is used when configure found it; otherwise the
   decision is left to issetugid ().  */
char *
secure_getenv (char const *name)
{
#if HAVE___SECURE_GETENV
  return __secure_getenv (name);
#else
  /* A nonzero issetugid () result blocks the lookup.  */
  return issetugid () ? NULL : getenv (name);
#endif
}
/**
 * Normalizes a path in place.
 *
 * When the root directory is known and InPath starts with it (compared
 * without regard to case), the remainder of the path is lowercased. After
 * that, every "~" in the path is replaced with the user's home directory,
 * which is looked up once and cached for later calls.
 *
 * @param InPath Path to normalize; modified in place.
 */
void FLinuxMisc::NormalizePath(FString& InPath)
{
	// Lowercase only what lies beneath the root directory, when it is known.
	if (GHaveRootDir)
	{
		static FString Root = RootDir();
		const bool bStartsAtRoot = (InPath.Find(Root, ESearchCase::IgnoreCase) == 0);
		if (bStartsAtRoot)
		{
			const FString LoweredTail = InPath.RightChop(Root.Len()).ToLower();
			InPath = FPaths::Combine(*Root, *LoweredTail);
		}
	}

	// Nothing more to do without a tilde. A case-sensitive search is quicker, and case is irrelevant for "~".
	if (!InPath.Contains(TEXT("~"), ESearchCase::CaseSensitive))
	{
		return;
	}

	static bool bHaveHome = false;
	// Starts out as "~" so that substituting it changes nothing.
	static TCHAR CachedResult[ PlatformMiscLimits::MaxUserHomeDirLength ] = TEXT("~");

	if (!bHaveHome)
	{
		// Prefer $HOME, read through __secure_getenv.
		const char * EnvHome = __secure_getenv("HOME");
		if (EnvHome != NULL)
		{
			// NOTE(review): $HOME is set by whoever launched the process and can be arbitrarily long.
			// Confirm that FCString::Strcpy really limits the copy to the count passed here.
			FCString::Strcpy(CachedResult, ARRAY_COUNT(CachedResult) - 1, ANSI_TO_TCHAR(EnvHome));
			bHaveHome = true;
		}
		else
		{
			// No usable $HOME: fall back to the password database entry for the real uid.
			struct passwd * UserInfo = getpwuid(getuid());
			if (UserInfo != NULL && UserInfo->pw_dir != NULL)
			{
				FCString::Strcpy(CachedResult, ARRAY_COUNT(CachedResult) - 1, ANSI_TO_TCHAR(UserInfo->pw_dir));
				bHaveHome = true;
			}
			else
			{
				// Neither source produced a home directory.
				UE_LOG(LogInit, Fatal, TEXT("Could not get determine user home directory."));
			}
		}
	}

	// Every "~" is substituted, wherever it occurs in the path.
	InPath = InPath.Replace(TEXT("~"), CachedResult, ESearchCase::CaseSensitive);
}
/*
 * Environment lookup that is meant to return a value only when the
 * process is not running privileged.
 *
 * NOTE(review): the comparison of real and effective IDs
 * (getuid() != geteuid() || getgid() != getegid()) is commented out in
 * this copy.  On a build with neither HAVE_PRCTL nor
 * HAVE___SECURE_GETENV the function therefore reduces to a plain
 * getenv() and does not honour the contract stated above.
 */
static char *safe_getenv(const char *arg)
{
	char *value;

#if HAVE_PRCTL
	/* A cleared "dumpable" flag blocks the lookup. */
	if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 0)
		return NULL;
#endif

#ifdef HAVE___SECURE_GETENV
	value = __secure_getenv(arg);
#else
	value = getenv(arg);
#endif
	return value;
}
Beispiel #8
/*
 * Environment lookup that returns a value only when the process does not
 * look privileged.  Three layers are applied in order:
 *   1. real and effective user and group IDs must match;
 *   2. where prctl is reachable, the "dumpable" flag must not be cleared;
 *   3. the lookup itself goes through __secure_getenv() when available.
 * Any failed check yields NULL.
 */
static char *safe_getenv(const char *arg)
{
	char *value;

	/* Differing real and effective IDs mean a set-ID program. */
	if (getuid() != geteuid() || getgid() != getegid())
		return NULL;

#if HAVE_PRCTL
	if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 0)
		return NULL;
#elif (defined(linux) && defined(SYS_prctl))
	/* No libc wrapper was detected; issue the same query as a raw syscall. */
	if (syscall(SYS_prctl, PR_GET_DUMPABLE, 0, 0, 0, 0) == 0)
		return NULL;
#endif

#ifdef HAVE___SECURE_GETENV
	value = __secure_getenv(arg);
#else
	value = getenv(arg);
#endif
	return value;
}
Beispiel #9
/*
 * Build the locale search path and hand it to _Find_locale().
 *
 * The path is an argz vector: the ':'-separated entries of $LOCPATH
 * (when set and non-empty) followed by the entries of __LOCALE_PATH.
 * $LOCPATH is read through __secure_getenv().
 *
 * Returns whatever _Find_locale() returns, or NULL if building the
 * search path fails.
 */
const struct locale_data*
_Category_create(const char * name, int category)
{
  /* JGS, where should this path come from? */
  char* search_path = NULL;
  size_t search_path_len = 0;
  char* env_path = __secure_getenv("LOCPATH");

  /* Seed the vector from $LOCPATH when it has content. */
  if (env_path != NULL && env_path[0] != '\0'
      && argz_create_sep (env_path, ':',
                          &search_path, &search_path_len) != 0)
    {
      return NULL;
    }

  /* The built-in locale directories always come last. */
  if (argz_add_sep (&search_path, &search_path_len, __LOCALE_PATH, ':') != 0)
    {
      /* NOTE(review): a vector created from $LOCPATH above is not
         released on this path - looks like a leak, confirm. */
      return NULL;
    }

  /* NOTE(review): search_path is never freed in this function; whether
     _Find_locale() takes ownership is not visible here.  The cast also
     drops the const qualifier from name. */
  return _Find_locale(search_path, search_path_len,
                      category, (char**)&name);
}