diff options
Diffstat (limited to 'lib/ss')
| -rw-r--r-- | lib/ss/ChangeLog | 7 | ||||
| -rw-r--r-- | lib/ss/get_readline.c | 2 | ||||
| -rw-r--r-- | lib/ss/pager.c | 31 | ||||
| -rw-r--r-- | lib/ss/ss_internal.h | 1 |
4 files changed, 39 insertions, 2 deletions
diff --git a/lib/ss/ChangeLog b/lib/ss/ChangeLog index 2dcc071f..40be15f6 100644 --- a/lib/ss/ChangeLog +++ b/lib/ss/ChangeLog @@ -1,3 +1,10 @@ +2005-03-31 Theodore Ts'o <tytso@mit.edu> + + * get_readline.c (ss_get_readline), pager.c (ss_page_stdin): If + called by a setuid/setgid or an otherwise privileged + program, be paranoid and ignore the PAGER and + SS_READLINE_PATH environment variables. + 2005-03-21 Theodore Ts'o <tytso@mit.edu> * Release of E2fsprogs 1.37 diff --git a/lib/ss/get_readline.c b/lib/ss/get_readline.c index d9499e6d..b9754d89 100644 --- a/lib/ss/get_readline.c +++ b/lib/ss/get_readline.c @@ -50,7 +50,7 @@ void ss_get_readline(int sci_idx) if (info->readline_handle) return; - libpath = getenv("SS_READLINE_PATH"); + libpath = ss_safe_getenv("SS_READLINE_PATH"); if (!libpath) libpath = DEFAULT_LIBPATH; if (*libpath == 0 || !strcmp(libpath, "none")) diff --git a/lib/ss/pager.c b/lib/ss/pager.c index ba28f97a..4030c7f7 100644 --- a/lib/ss/pager.c +++ b/lib/ss/pager.c @@ -28,11 +28,40 @@ extern int errno; #include <sys/types.h> #include <sys/file.h> #include <signal.h> +#ifdef HAVE_SYS_PRCTL_H +#include <sys/prctl.h> +#else +#define PR_GET_DUMPABLE 3 +#endif +#if (!defined(HAVE_PRCTL) && defined(linux)) +#include <sys/syscall.h> +#endif static char MORE[] = "more"; extern char *_ss_pager_name; extern char *getenv PROTOTYPE((const char *)); +char *ss_safe_getenv(const char *arg) +{ + if ((getuid() != geteuid()) || (getgid() != getgid())) + return NULL; +#if HAVE_PRCTL + if (prctl(PR_GET_DUMPABLE) == 0) + return NULL; +#else +#if (defined(linux) && defined(SYS_prctl)) + if (syscall(SYS_prctl, PR_GET_DUMPABLE) == 0) + return NULL; +#endif +#endif + +#ifdef HAVE___SECURE_GETENV + return __secure_getenv("BLKID_FILE"); +#else + return getenv("BLKID_FILE"); +#endif +} + /* * this needs a *lot* of work.... * @@ -89,7 +118,7 @@ void ss_page_stdin() sigdelset(&mask, SIGINT); sigprocmask(SIG_SETMASK, &mask, 0); if (_ss_pager_name == (char *)NULL) { - if ((_ss_pager_name = getenv("PAGER")) == (char *)NULL) + if ((_ss_pager_name = ss_safe_getenv("PAGER")) == (char *)NULL) _ss_pager_name = MORE; } (void) execlp(_ss_pager_name, _ss_pager_name, (char *) NULL); diff --git a/lib/ss/ss_internal.h b/lib/ss/ss_internal.h index 48afdbd0..15d618ee 100644 --- a/lib/ss/ss_internal.h +++ b/lib/ss/ss_internal.h @@ -89,6 +89,7 @@ void ss_page_stdin(void); void ss_list_requests(int, char const * const *, int, pointer); int ss_execute_command(int sci_idx, char *argv[]); int ss_pager_create(void); +char *ss_safe_getenv(const char *arg); char **ss_rl_completion(const char *text, int start, int end); extern ss_data **_ss_table; |