diff options
Diffstat (limited to '')
-rw-r--r-- | lib/secure_getenv.c | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/lib/secure_getenv.c b/lib/secure_getenv.c new file mode 100644 index 0000000..ebe98db --- /dev/null +++ b/lib/secure_getenv.c @@ -0,0 +1,54 @@ +/* Look up an environment variable, returning NULL in insecure situations. + + Copyright 2013-2018 Free Software Foundation, Inc. + + This program is free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <https://www.gnu.org/licenses/>. */ + +#include <config.h> + +#include <stdlib.h> + +#if !HAVE___SECURE_GETENV +# if HAVE_ISSETUGID || (HAVE_GETUID && HAVE_GETEUID && HAVE_GETGID && HAVE_GETEGID) +# include <unistd.h> +# endif +#endif + +char * +secure_getenv (char const *name) +{ +#if HAVE___SECURE_GETENV /* glibc */ + return __secure_getenv (name); +#elif HAVE_ISSETUGID /* OS X, FreeBSD, NetBSD, OpenBSD */ + if (issetugid ()) + return NULL; + return getenv (name); +#elif HAVE_GETUID && HAVE_GETEUID && HAVE_GETGID && HAVE_GETEGID /* other Unix */ + if (geteuid () != getuid () || getegid () != getgid ()) + return NULL; + return getenv (name); +#elif defined _WIN32 && ! defined __CYGWIN__ /* native Windows */ + /* On native Windows, there is no such concept as setuid or setgid binaries. + - Programs launched as system services have high privileges, but they don't + inherit environment variables from a user. + - Programs launched by a user with "Run as Administrator" have high + privileges and use the environment variables, but the user has been asked + whether he agrees. + - Programs launched by a user without "Run as Administrator" cannot gain + high privileges, therefore there is no risk. */ + return getenv (name); +#else + return NULL; +#endif +} |