Diffstat (limited to 'lib')
-rw-r--r-- | lib/blkid/ChangeLog | 9 | ||||
-rw-r--r-- | lib/blkid/cache.c | 40 | ||||
-rw-r--r-- | lib/ext2fs/ChangeLog | 6 | ||||
-rw-r--r-- | lib/ext2fs/test_io.c | 39 | ||||
-rw-r--r-- | lib/ss/ChangeLog | 7 | ||||
-rw-r--r-- | lib/ss/get_readline.c | 2 | ||||
-rw-r--r-- | lib/ss/pager.c | 31 | ||||
-rw-r--r-- | lib/ss/ss_internal.h | 1 |
8 files changed, 126 insertions, 9 deletions
diff --git a/lib/blkid/ChangeLog b/lib/blkid/ChangeLog
index bfa6070b..5d9ef2e8 100644
--- a/lib/blkid/ChangeLog
+++ b/lib/blkid/ChangeLog
@@ -1,3 +1,12 @@
+2005-03-31 Theodore Ts'o <tytso@mit.edu>
+
+ * cache.c (blkid_get_cache): Use a much more paranoid
+ safe_getenv() function which will ignore the BLKID_FILE
+ environment varaible if the application program is setgid
+ or on a Linux system, if kernel doesn't think the process
+ is eligible to create a core dump. Also if glibc has
+ __secure_getenv(), then use it.
+
 2005-03-21 Theodore Ts'o <tytso@mit.edu>
 * Release of E2fsprogs 1.37
diff --git a/lib/blkid/cache.c b/lib/blkid/cache.c
index 12cae0c1..5813bbc5 100644
--- a/lib/blkid/cache.c
+++ b/lib/blkid/cache.c
@@ -10,12 +10,48 @@
 * %End-Header%
 */
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_ERRNO_H
+#include <errno.h>
+#endif
 #include <stdlib.h>
 #include <string.h>
+#ifdef HAVE_SYS_PRCTL_H
+#include <sys/prctl.h>
+#else
+#define PR_GET_DUMPABLE 3
+#endif
+#if (!defined(HAVE_PRCTL) && defined(linux))
+#include <sys/syscall.h>
+#endif
 #include "blkidP.h"
 int blkid_debug_mask = 0;
+
+static char *safe_getenv(const char *arg)
+{
+ if ((getuid() != geteuid()) || (getgid() != getgid()))
+ return NULL;
+#if HAVE_PRCTL
+ if (prctl(PR_GET_DUMPABLE) == 0)
+ return NULL;
+#else
+#if (defined(linux) && defined(SYS_prctl))
+ if (syscall(SYS_prctl, PR_GET_DUMPABLE) == 0)
+ return NULL;
+#endif
+#endif
+
+#ifdef HAVE___SECURE_GETENV
+ return __secure_getenv("BLKID_FILE");
+#else
+ return getenv("BLKID_FILE");
+#endif
+}
+
 int blkid_get_cache(blkid_cache *ret_cache, const char *filename)
 {
 blkid_cache cache;
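Review bot: The setgid test in the added `safe_getenv()` compares `getgid()` with itself, so that half of the condition is always false and a setgid-only caller is never rejected by it; the line should read `if ((getuid() != geteuid()) || (getgid() != getegid()))`. The same line appears in the copies added to lib/ext2fs/test_io.c and lib/ss/pager.c (`ss_safe_getenv`). On a build with neither prctl nor `__secure_getenv()`, this comparison is the only filter left, so the ChangeLog's statement that BLKID_FILE is ignored for setgid programs would not hold there.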
@@ -41,8 +77,8 @@ int blkid_get_cache(blkid_cache *ret_cache, const char *filename)
 if (filename && !strlen(filename))
 filename = 0;
- if (!filename && (getuid() == geteuid()))
- filename = getenv("BLKID_FILE");
+ if (!filename)
+ filename = safe_getenv("BLKID_FILE");
 if (!filename)
 filename = BLKID_CACHE_FILE;
 cache->bic_filename = blkid_strdup(filename);
diff --git a/lib/ext2fs/ChangeLog b/lib/ext2fs/ChangeLog
index b2a829ab..a90dcbaf 100644
--- a/lib/ext2fs/ChangeLog
+++ b/lib/ext2fs/ChangeLog
@@ -1,3 +1,9 @@
+2005-03-31 Theodore Ts'o <tytso@mit.edu>
+
+ * test_io.c (test_open): If called by a setuid/setgid or an
+ otherwise privileged program, be paranoid and ignore the
+ TEST_IO_* environment variables.
+
 2005-03-21 Theodore Ts'o <tytso@mit.edu>
 * Release of E2fsprogs 1.37
diff --git a/lib/ext2fs/test_io.c b/lib/ext2fs/test_io.c
index 6a3b248e..f4d9b995 100644
--- a/lib/ext2fs/test_io.c
+++ b/lib/ext2fs/test_io.c
@@ -22,6 +22,14 @@
 #if HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
+#ifdef HAVE_SYS_PRCTL_H
+#include <sys/prctl.h>
+#else
+#define PR_GET_DUMPABLE 3
+#endif
+#if (!defined(HAVE_PRCTL) && defined(linux))
+#include <sys/syscall.h>
+#endif
 #include "ext2_fs.h"
 #include "ext2fs.h"
@@ -132,6 +140,27 @@ static void test_abort(io_channel channel, unsigned long block)
 abort();
 }
+static char *safe_getenv(const char *arg)
+{
+ if ((getuid() != geteuid()) || (getgid() != getgid()))
+ return NULL;
+#if HAVE_PRCTL
+ if (prctl(PR_GET_DUMPABLE) == 0)
+ return NULL;
+#else
+#if (defined(linux) && defined(SYS_prctl))
+ if (syscall(SYS_prctl, PR_GET_DUMPABLE) == 0)
+ return NULL;
+#endif
+#endif
+
+#ifdef HAVE___SECURE_GETENV
+ return __secure_getenv("BLKID_FILE");
+#else
+ return getenv("BLKID_FILE");
+#endif
+}
+
 static errcode_t test_open(const char *name, int flags, io_channel *channel)
 {
 io_channel io = NULL;
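Review bot: `safe_getenv()` in test_io.c never uses its `arg` parameter: both return paths look up the literal "BLKID_FILE", so every `safe_getenv("TEST_IO_...")` call in test_open() receives the value of BLKID_FILE instead of the variable it asked for. Those calls sit in a later hunk of this file, where the TEST_IO_LOGFILE result is passed to `fopen(value, "w")`, so a set BLKID_FILE would name the file that gets truncated. The two returns should be `return __secure_getenv(arg);` and `return getenv(arg);`. The copy in lib/ss/pager.c (`ss_safe_getenv`, used for PAGER and SS_READLINE_PATH) carries the same literal, and the one in lib/blkid/cache.c only behaves correctly because its single visible caller asks for BLKID_FILE.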
@@ -178,25 +207,25 @@ static errcode_t test_open(const char *name, int flags, io_channel *channel)
 data->write_byte = test_io_cb_write_byte;
 data->outfile = NULL;
- if ((value = getenv("TEST_IO_LOGFILE")) != NULL)
+ if ((value = safe_getenv("TEST_IO_LOGFILE")) != NULL)
 data->outfile = fopen(value, "w");
 if (!data->outfile)
 data->outfile = stderr;
 data->flags = 0;
- if ((value = getenv("TEST_IO_FLAGS")) != NULL)
+ if ((value = safe_getenv("TEST_IO_FLAGS")) != NULL)
 data->flags = strtoul(value, NULL, 0);
 data->block = 0;
- if ((value = getenv("TEST_IO_BLOCK")) != NULL)
+ if ((value = safe_getenv("TEST_IO_BLOCK")) != NULL)
 data->block = strtoul(value, NULL, 0);
 data->read_abort_count = 0;
- if ((value = getenv("TEST_IO_READ_ABORT")) != NULL)
+ if ((value = safe_getenv("TEST_IO_READ_ABORT")) != NULL)
 data->read_abort_count = strtoul(value, NULL, 0);
 data->write_abort_count = 0;
- if ((value = getenv("TEST_IO_WRITE_ABORT")) != NULL)
+ if ((value = safe_getenv("TEST_IO_WRITE_ABORT")) != NULL)
 data->write_abort_count = strtoul(value, NULL, 0);
 *channel = io;
diff --git a/lib/ss/ChangeLog b/lib/ss/ChangeLog
index 2dcc071f..40be15f6 100644
--- a/lib/ss/ChangeLog
+++ b/lib/ss/ChangeLog
@@ -1,3 +1,10 @@
+2005-03-31 Theodore Ts'o <tytso@mit.edu>
+
+ * get_readline.c (ss_get_readline), pager.c (ss_page_stdin): If
+ called by a setuid/setgid or an otherwise privileged
+ program, be paranoid and ignore the PAGER and
+ SS_READLINE_PATH environment variables.
+
 2005-03-21 Theodore Ts'o <tytso@mit.edu>
 * Release of E2fsprogs 1.37
diff --git a/lib/ss/get_readline.c b/lib/ss/get_readline.c
index d9499e6d..b9754d89 100644
--- a/lib/ss/get_readline.c
+++ b/lib/ss/get_readline.c
@@ -50,7 +50,7 @@ void ss_get_readline(int sci_idx)
 if (info->readline_handle)
 return;
- libpath = getenv("SS_READLINE_PATH");
+ libpath = ss_safe_getenv("SS_READLINE_PATH");
 if (!libpath)
 libpath = DEFAULT_LIBPATH;
 if (*libpath == 0 || !strcmp(libpath, "none"))
diff --git a/lib/ss/pager.c b/lib/ss/pager.c
index ba28f97a..4030c7f7 100644
--- a/lib/ss/pager.c
+++ b/lib/ss/pager.c
@@ -28,11 +28,40 @@ extern int errno;
 #include <sys/types.h>
 #include <sys/file.h>
 #include <signal.h>
+#ifdef HAVE_SYS_PRCTL_H
+#include <sys/prctl.h>
+#else
+#define PR_GET_DUMPABLE 3
+#endif
+#if (!defined(HAVE_PRCTL) && defined(linux))
+#include <sys/syscall.h>
+#endif
 static char MORE[] = "more";
 extern char *_ss_pager_name;
 extern char *getenv PROTOTYPE((const char *));
+char *ss_safe_getenv(const char *arg)
+{
+ if ((getuid() != geteuid()) || (getgid() != getgid()))
+ return NULL;
+#if HAVE_PRCTL
+ if (prctl(PR_GET_DUMPABLE) == 0)
+ return NULL;
+#else
+#if (defined(linux) && defined(SYS_prctl))
+ if (syscall(SYS_prctl, PR_GET_DUMPABLE) == 0)
+ return NULL;
+#endif
+#endif
+
+#ifdef HAVE___SECURE_GETENV
+ return __secure_getenv("BLKID_FILE");
+#else
+ return getenv("BLKID_FILE");
+#endif
+}
+
 /*
 * this needs a *lot* of work....
 *
@@ -89,7 +118,7 @@ void ss_page_stdin()
 sigdelset(&mask, SIGINT);
 sigprocmask(SIG_SETMASK, &mask, 0);
 if (_ss_pager_name == (char *)NULL) {
- if ((_ss_pager_name = getenv("PAGER")) == (char *)NULL)
+ if ((_ss_pager_name = ss_safe_getenv("PAGER")) == (char *)NULL)
 _ss_pager_name = MORE;
 }
 (void) execlp(_ss_pager_name, _ss_pager_name, (char *) NULL);
diff --git a/lib/ss/ss_internal.h b/lib/ss/ss_internal.h
index 48afdbd0..15d618ee 100644
--- a/lib/ss/ss_internal.h
+++ b/lib/ss/ss_internal.h
@@ -89,6 +89,7 @@ void ss_page_stdin(void);
 void ss_list_requests(int, char const * const *, int, pointer);
 int ss_execute_command(int sci_idx, char *argv[]);
 int ss_pager_create(void);
+char *ss_safe_getenv(const char *arg);
 char **ss_rl_completion(const char *text, int start, int end);
 extern ss_data **_ss_table; |
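Review bot: The dumpable check in `ss_safe_getenv()` refuses the environment only when the call returns exactly 0, so a failed `prctl()` (which returns -1) is treated as safe, as is any other non-zero state the kernel might report. Testing for the one value that means an ordinary dumpable process fails closed instead: `if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) != 1) return NULL;`, passing the unused arguments explicitly because prctl() is variadic. The cost is that the variables are also ignored on a kernel that rejects PR_GET_DUMPABLE, which seems the right direction for a function meant to be paranoid. The same applies to the `syscall(SYS_prctl, PR_GET_DUMPABLE)` branch and to the copies in lib/blkid/cache.c and lib/ext2fs/test_io.c.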
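Review bot: Ignoring PAGER does not by itself pin what ss_page_stdin() executes, because the fallback `MORE` is the bare name "more" and `execlp()` resolves it through PATH, which comes from the same environment this commit stops trusting. When `ss_safe_getenv("PAGER")` returns NULL, the default could be an absolute path, or at minimum the call should carry a comment such as `/* execlp() searches PATH; privileged callers must reset PATH before paging */`. ss_page_stdin() begins and ends outside this hunk, so any PATH handling elsewhere in the function is not visible here.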