static void __remove_unsafe_environment_variables() { // None of these should be allowed in setuid programs. static const char* const UNSAFE_VARIABLE_NAMES[] = { "GCONV_PATH", "GETCONF_DIR", "HOSTALIASES", "LD_AOUT_LIBRARY_PATH", "LD_AOUT_PRELOAD", "LD_AUDIT", "LD_DEBUG", "LD_DEBUG_OUTPUT", "LD_DYNAMIC_WEAK", "LD_LIBRARY_PATH", "LD_ORIGIN_PATH", "LD_PRELOAD", "LD_PROFILE", "LD_SHOW_AUXV", "LD_USE_LOAD_BIAS", "LOCALDOMAIN", "LOCPATH", "MALLOC_CHECK_", "MALLOC_TRACE", "NIS_PATH", "NLSPATH", "RESOLV_HOST_CONF", "RES_OPTIONS", "TMPDIR", "TZDIR", NULL }; for (size_t i = 0; UNSAFE_VARIABLE_NAMES[i] != NULL; ++i) { linker_env_unset(UNSAFE_VARIABLE_NAMES[i]); } }
/* Remove unsafe environment variables. This should be used when * running setuid programs. */ void linker_env_secure(void) { /* The same list than GLibc at this point */ static const char* const unsec_vars[] = { "GCONV_PATH", "GETCONF_DIR", "HOSTALIASES", "LD_AUDIT", "LD_DEBUG", "LD_DEBUG_OUTPUT", "LD_DYNAMIC_WEAK", "LD_LIBRARY_PATH", "LD_ORIGIN_PATH", "LD_PRELOAD", "LD_PROFILE", "LD_SHOW_AUXV", "LD_USE_LOAD_BIAS", "LOCALDOMAIN", "LOCPATH", "MALLOC_TRACE", "MALLOC_CHECK_", "NIS_PATH", "NLSPATH", "RESOLV_HOST_CONF", "RES_OPTIONS", "TMPDIR", "TZDIR", "LD_AOUT_LIBRARY_PATH", "LD_AOUT_PRELOAD", }; const char* const* cp = unsec_vars; const char* const* endp = cp + sizeof(unsec_vars)/sizeof(unsec_vars[0]); while (cp < endp) { linker_env_unset(*cp); cp++; } }