/* Look up NAME in the environment, but only when the process is not
   running with privileges taken from a set-user-ID or set-group-ID
   executable.  Return NULL when the lookup is refused or NAME is unset.

   The privilege test is chosen at configure time from whatever the
   platform offers; when nothing is available the lookup is refused.  */
char *
secure_getenv (char const *name)
{
#if HAVE___SECURE_GETENV /* glibc */
  /* The C library makes the decision under its internal name.  */
  return __secure_getenv (name);
#elif HAVE_ISSETUGID /* OS X, FreeBSD, NetBSD, OpenBSD */
  return issetugid () ? NULL : getenv (name);
#elif HAVE_GETUID && HAVE_GETEUID && HAVE_GETGID && HAVE_GETEGID /* other Unix */
  /* NOTE(review): this compares the IDs as they are at call time, so a
     process that started set-ID and has since made its real and
     effective IDs equal passes the test.  Call it before any such
     change if the environment must stay untrusted.  */
  int const ids_match = geteuid () == getuid () && getegid () == getgid ();
  return ids_match ? getenv (name) : NULL;
#elif (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__ /* native Windows */
  /* On native Windows, there is no such concept as setuid or setgid
     binaries.
     - Programs launched as system services have high privileges, but
       they don't inherit environment variables from a user.
     - Programs launched by a user with "Run as Administrator" have
       high privileges and use the environment variables, but the user
       has been asked whether they agree.
     - Programs launched by a user without "Run as Administrator"
       cannot gain high privileges, therefore there is no risk.  */
  return getenv (name);
#else
  /* No way to tell whether the process is privileged: refuse.  */
  return NULL;
#endif
}
/*
 * Report whether the process should be treated as running set-user-ID
 * or set-group-ID.  Every path that cannot decide answers TRUE, so the
 * caller errs on the side of distrusting its environment.
 */
static Bool
IdIsSetUGid(void)
{
#if defined(__ANDROID__)
   /* Android does not have a secure_getenv, so be conservative. */
   return TRUE;
#elif defined(__GLIBC__) && \
      (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 16))
   /*
    * glibc 2.16 or newer: read the AT_SECURE entry of the auxiliary
    * vector directly.  The other candidate, __libc_enable_secure, may
    * not be exported.
    */
   return getauxval(AT_SECURE) != 0;
#else
   /*
    * Older glibc: getauxval() is not available, so probe through
    * __secure_getenv, which returns NULL if the binary is setuid or
    * setgid.  A variable that is known to be set is needed for the
    * probe, hence the setenv() first.
    *
    * Side effect: VMW_SETUGID_TEST=1 stays in the environment after
    * the call; nothing here removes it.
    */
   static const char probeVar[] = "VMW_SETUGID_TEST";
   Bool isSetUGid = TRUE;   /* Conservative answer if setenv() fails. */

   if (setenv(probeVar, "1", TRUE) != -1) {
      isSetUGid = (__secure_getenv(probeVar) == NULL);
   }
   return isSetUGid;
#endif
}
/*
 * Read an environment variable, going through __secure_getenv() when the
 * build detected it.
 *
 * NOTE(review): when HAVE___SECURE_GETENV is not defined this is a plain
 * getenv() with no privilege check at all, so a set-user-ID or
 * set-group-ID caller gets no protection from this wrapper on such
 * builds.
 */
char *mk_utils_getenv(const char *arg)
{
    char *value;

#ifdef HAVE___SECURE_GETENV
    value = __secure_getenv(arg);
#else
    value = getenv(arg);
#endif

    return value;
}
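/* Path search algorithm, for tmpnam, tmpfile, etc.  Uses DIR when it is
   non-null; otherwise uses the first of P_tmpdir, /tmp that exists.
   $TMPDIR is deliberately not consulted: that lookup is compiled out
   below.  Copies into TMPL a template suitable for use with mk[s]temp.
   PFX defaults to "file" and is cut to at most 5 characters.

   Returns 0 on success.  Fails (-1) with errno ENOENT if DIR is null and
   none of the searched dirs exists, or with errno EINVAL if there's not
   enough space in TMPL.

   NOTE(review): with the $TMPDIR block disabled, a non-null DIR is used
   as given; its existence is no longer checked in this function.  */
int attribute_hidden ___path_search (char *tmpl, size_t tmpl_len, const char *dir,
	const char *pfx /*, int try_tmpdir*/)
{
	/*const char *d; */
	size_t dlen, plen;
	char *out;

	if (!pfx || !pfx[0])
	{
		pfx = "file";
		plen = 4;
	}
	else
	{
		plen = strlen (pfx);
		if (plen > 5)
			plen = 5;
	}

	/* Disable support for $TMPDIR */
#if 0
	if (try_tmpdir)
	{
		d = __secure_getenv ("TMPDIR");
		if (d != NULL && direxists (d))
			dir = d;
		else if (dir != NULL && direxists (dir))
			/* nothing */ ;
		else
			dir = NULL;
	}
#endif

	if (dir == NULL)
	{
		if (direxists (P_tmpdir))
			dir = P_tmpdir;
		else if (strcmp (P_tmpdir, "/tmp") != 0 && direxists ("/tmp"))
			dir = "/tmp";
		else
		{
			__set_errno (ENOENT);
			return -1;
		}
	}

	dlen = strlen (dir);
	while (dlen > 1 && dir[dlen - 1] == '/')
		dlen--;			/* remove trailing slashes */

	/* check we have room for "${dir}/${pfx}XXXXXX\0" */
	if (tmpl_len < dlen + 1 + plen + 6 + 1)
	{
		__set_errno (EINVAL);
		return -1;
	}

	/* Assemble the template with bounded copies.  The lengths are size_t,
	   and handing a size_t to printf's "%.*s" (which reads an int) is
	   undefined behaviour, so no format string is used here.  The size
	   check above already guarantees that everything fits.  */
	out = tmpl;
	memcpy (out, dir, dlen);
	out += dlen;
	*out++ = '/';
	memcpy (out, pfx, plen);
	out += plen;
	memcpy (out, "XXXXXX", sizeof "XXXXXX");	/* copies the NUL too */
	return 0;
}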
/* Return the value of the environment variable NAME, or a null pointer
   when NAME is unset or the process is running set-user-ID or
   set-group-ID.  Uses the C library's own check when configure found
   __secure_getenv, and issetugid () otherwise.  */
char *
secure_getenv (char const *name)
{
#if HAVE___SECURE_GETENV
  return __secure_getenv (name);
#else
  /* issetugid () is nonzero for a process considered tainted by a
     set-ID execution; the environment is not trusted then.  */
  return issetugid () ? NULL : getenv (name);
#endif
}
/**
 * Normalizes InPath in place.
 *
 * 1. When the root directory is known and InPath starts with it (compared
 *    case-insensitively), the part after the root is lowercased.
 * 2. When InPath contains "~", it is replaced with the user's home directory.
 *    The home directory is taken from $HOME via __secure_getenv(), falling
 *    back to the passwd entry of the real uid, and is cached in function-local
 *    statics after the first successful lookup.
 *
 * NOTE(review): the replacement is applied through FString::Replace on the
 * whole string, so a "~" that is not a leading path component is presumably
 * expanded as well - confirm this is intended for caller-supplied paths.
 * NOTE(review): the static cache is written without any locking visible in
 * this function - confirm callers do not race on the first call.
 */
void FLinuxMisc::NormalizePath(FString& InPath)
{
	// only lowercase part of the path that is under root (if we know it)
	if (GHaveRootDir)
	{
		static FString Root = RootDir();

		// does the absolute path begin at root?
		const bool bStartsAtRoot = (InPath.Find(Root, ESearchCase::IgnoreCase) == 0);
		if (bStartsAtRoot)
		{
			InPath = FPaths::Combine(*Root, *InPath.RightChop(Root.Len()).ToLower());
		}
	}

	// case sensitive is quicker, and our substring doesn't care
	if (!InPath.Contains(TEXT("~"), ESearchCase::CaseSensitive))
	{
		return;
	}

	static bool bHaveHome = false;
	// init with a default value that changes nothing
	static TCHAR CachedResult[ PlatformMiscLimits::MaxUserHomeDirLength ] = TEXT("~");

	if (!bHaveHome)
	{
		// $HOME first; __secure_getenv() yields NULL when the variable is unset
		// or the process runs in secure-execution (set-ID) mode
		const char* HomeDir = __secure_getenv("HOME");

		if (NULL == HomeDir)
		{
			// fall back to the passwd database, keyed on the real uid
			struct passwd* UserInfo = getpwuid(getuid());
			HomeDir = (NULL != UserInfo) ? UserInfo->pw_dir : NULL;
		}

		if (NULL != HomeDir)
		{
			FCString::Strcpy(CachedResult, ARRAY_COUNT(CachedResult) - 1, ANSI_TO_TCHAR(HomeDir));
			bHaveHome = true;
		}
		else
		{
			// neither source produced a home directory
			UE_LOG(LogInit, Fatal, TEXT("Could not get determine user home directory."));
		}
	}

	InPath = InPath.Replace(TEXT("~"), CachedResult, ESearchCase::CaseSensitive);
}
/*
 * Fetch an environment variable, returning NULL instead of its value
 * when this build can tell that the process is privileged.
 *
 * Checks made, each only if configure enabled it:
 *   - HAVE_PRCTL: refuse when the process is not dumpable.
 *   - HAVE___SECURE_GETENV: let the C library refuse in secure mode.
 *
 * NOTE(review): this variant performs no real-vs-effective uid/gid
 * comparison (the original carried one only as commented-out code).
 * On a build with neither macro defined the function is a plain
 * getenv() and gives a set-ID caller no protection.
 */
static char *safe_getenv(const char *arg)
{
#if HAVE_PRCTL
	/* A dumpable flag of 0 is treated as "privileged"; presumably
	 * because the kernel clears it for set-ID executions. */
	const int dumpable = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);

	if (dumpable == 0)
		return NULL;
#endif

#ifdef HAVE___SECURE_GETENV
	return __secure_getenv(arg);
#else
	return getenv(arg);
#endif
}
/*
 * Fetch an environment variable, returning NULL instead of its value
 * when the process looks privileged.
 *
 * Checks, in order:
 *   1. real and effective user/group IDs must match;
 *   2. the process must be dumpable (prctl, or the raw syscall when
 *      only that is available);
 *   3. the lookup goes through __secure_getenv() when the build has it.
 *
 * NOTE(review): the raw-syscall branch is keyed on the `linux` macro,
 * which GCC does not define in strict ISO modes (only `__linux__` is);
 * confirm the build flags do not silently drop that check.
 */
static char *safe_getenv(const char *arg)
{
	const int ids_differ = (getuid() != geteuid()) ||
			       (getgid() != getegid());

	if (ids_differ)
		return NULL;

#if HAVE_PRCTL
	if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 0)
		return NULL;
#elif (defined(linux) && defined(SYS_prctl))
	/* No libc wrapper: ask the kernel directly. */
	if (syscall(SYS_prctl, PR_GET_DUMPABLE, 0, 0, 0, 0) == 0)
		return NULL;
#endif

#ifdef HAVE___SECURE_GETENV
	return __secure_getenv(arg);
#else
	return getenv(arg);
#endif
}
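/*
 * Build the locale search path and look up the data for one category.
 *
 * The search path is an argz vector made of the ':'-separated entries
 * of $LOCPATH (when set and non-empty) followed by the entries of the
 * built-in __LOCALE_PATH.  $LOCPATH is read through __secure_getenv(),
 * so it is ignored when the C library considers the process to be in
 * secure-execution mode.
 *
 * name      locale name; its address is handed to _Find_locale()
 * category  locale category to load
 *
 * Returns what _Find_locale() returns, or NULL when the search path
 * could not be built.
 *
 * NOTE(review): who owns locale_path after _Find_locale() returns is
 * not visible here; confirm that it is released or kept on purpose.
 * NOTE(review): the (char**) cast drops the const on NAME; confirm
 * _Find_locale() does not write through it to caller-owned storage.
 */
const struct locale_data*
_Category_create(const char * name, int category)
{
  /* JGS, where should this path come from? */
  char* locpath_var;
  char* locale_path = NULL;
  size_t locale_path_len = 0;

  locpath_var = __secure_getenv("LOCPATH");

  if (locpath_var != NULL && locpath_var[0] != '\0')
    {
      if (argz_create_sep (locpath_var, ':',
                           &locale_path, &locale_path_len) != 0)
        return NULL;
    }

  if (argz_add_sep (&locale_path, &locale_path_len, __LOCALE_PATH, ':') != 0)
    {
      /* The vector built from $LOCPATH is still allocated when the
         append fails; release it instead of leaking it.  free (NULL)
         is a no-op when $LOCPATH contributed nothing.  */
      free (locale_path);
      return NULL;
    }

  return _Find_locale(locale_path, locale_path_len, category, (char**)&name);
}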