aboutsummaryrefslogtreecommitdiff
path: root/stdlib
diff options
context:
space:
mode:
authorFlorian Weimer <fweimer@redhat.com>2012-07-25 19:46:22 +0200
committerFlorian Weimer <fweimer@redhat.com>2012-07-25 19:46:22 +0200
commit84b3fd8407cc9a2e7f487b6247681bd8a78a4560 (patch)
tree26e482f31c4fe6e36d8aa64394ff4659908bdc4f /stdlib
parent56e49b714ecd32c72c334802b00e3d62008d98e3 (diff)
downloadglibc-84b3fd8407cc9a2e7f487b6247681bd8a78a4560.zip
glibc-84b3fd8407cc9a2e7f487b6247681bd8a78a4560.tar.gz
glibc-84b3fd8407cc9a2e7f487b6247681bd8a78a4560.tar.bz2
Rename __secure_getenv to secure_getenv
Diffstat (limited to 'stdlib')
-rw-r--r--stdlib/Makefile4
-rw-r--r--stdlib/Versions7
-rw-r--r--stdlib/secure-getenv.c13
-rw-r--r--stdlib/stdlib.h4
-rw-r--r--stdlib/tst-secure-getenv.c250
5 files changed, 272 insertions, 6 deletions
diff --git a/stdlib/Makefile b/stdlib/Makefile
index f7811c5..10674f2 100644
--- a/stdlib/Makefile
+++ b/stdlib/Makefile
@@ -68,7 +68,9 @@ tests := tst-strtol tst-strtod testmb testrand testsort testdiv \
tst-atof1 tst-atof2 tst-strtod2 tst-strtod3 tst-rand48-2 \
tst-makecontext tst-strtod4 tst-strtod5 tst-qsort2 \
tst-makecontext2 tst-strtod6 tst-unsetenv1 \
- tst-makecontext3 bug-getcontext bug-fmtmsg1
+ tst-makecontext3 bug-getcontext bug-fmtmsg1 \
+ tst-secure-getenv
+tests-static := tst-secure-getenv
include ../Makeconfig
diff --git a/stdlib/Versions b/stdlib/Versions
index 2aa396e..250bd5f 100644
--- a/stdlib/Versions
+++ b/stdlib/Versions
@@ -6,7 +6,7 @@ libc {
# functions used in inline functions or macros
__strto*_internal;
- # functions used in other libraries
+ # compatibility symbol
__secure_getenv;
# a*
@@ -103,11 +103,16 @@ libc {
GLIBC_2.13 {
__fentry__;
}
+ GLIBC_2.17 {
+ secure_getenv;
+ }
GLIBC_PRIVATE {
# functions which have an additional interface since they are
# are cancelable.
__libc_system;
# Variable which needs a dynamic symbol table entry.
__abort_msg;
+ # Used from other libraries
+ __libc_secure_getenv;
}
}
diff --git a/stdlib/secure-getenv.c b/stdlib/secure-getenv.c
index f64759f..2e696e9 100644
--- a/stdlib/secure-getenv.c
+++ b/stdlib/secure-getenv.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1991, 1992, 1994, 1996, 2002 Free Software Foundation, Inc.
+/* Copyright (C) 1991-2012 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
@@ -18,13 +18,20 @@
#include <stdlib.h>
#include <unistd.h>
+#include <shlib-compat.h>
+
/* Some programs and especially the libc itself have to be careful
what values to accept from the environment. This special version
checks for SUID or SGID first before doing any work. */
char *
-__secure_getenv (name)
+__libc_secure_getenv (name)
const char *name;
{
return __libc_enable_secure ? NULL : getenv (name);
}
-libc_hidden_def (__secure_getenv)
+weak_alias (__libc_secure_getenv, secure_getenv)
+libc_hidden_weak (__libc_secure_getenv)
+
+#if SHLIB_COMPAT (libc, GLIBC_2_0, GLIBC_2_16)
+compat_symbol (libc, __libc_secure_getenv, __secure_getenv, GLIBC_2_0);
+#endif
diff --git a/stdlib/stdlib.h b/stdlib/stdlib.h
index f652eda..cf3f39c 100644
--- a/stdlib/stdlib.h
+++ b/stdlib/stdlib.h
@@ -568,10 +568,12 @@ __BEGIN_NAMESPACE_STD
extern char *getenv (const char *__name) __THROW __nonnull ((1)) __wur;
__END_NAMESPACE_STD
+#ifdef __USE_GNU
/* This function is similar to the above but returns NULL if the
programs is running with SUID or SGID enabled. */
-extern char *__secure_getenv (const char *__name)
+extern char *secure_getenv (const char *__name)
__THROW __nonnull ((1)) __wur;
+#endif
#if defined __USE_SVID || defined __USE_XOPEN
/* The SVID says this is in <stdio.h>, but this seems a better place. */
diff --git a/stdlib/tst-secure-getenv.c b/stdlib/tst-secure-getenv.c
new file mode 100644
index 0000000..76d8de6
--- /dev/null
+++ b/stdlib/tst-secure-getenv.c
@@ -0,0 +1,250 @@
+/* Copyright (C) 2012 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+/* Test that secure_getenv works by invoking the test as a SGID
+ program with a group ID from the supplementary group list. This
+ test can fail spuriously if the user is not a member of a suitable
+ supplementary group. */
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+static char MAGIC_ARGUMENT[] = "run-actual-test";
+#define MAGIC_STATUS 19
+
+static const char *test_dir;
+
+/* Return a GID which is not our current GID, but is present in the
+ supplementary group list. */
+static gid_t
+choose_gid (void)
+{
+ const int count = 64;
+ gid_t groups[count];
+ int ret = getgroups (count, groups);
+ if (ret < 0)
+ {
+ perror ("getgroups");
+ exit (1);
+ }
+ gid_t current = getgid ();
+ for (int i = 0; i < ret; ++i)
+ {
+ if (groups[i] != current)
+ return groups[i];
+ }
+ return 0;
+}
+
+
+/* Copies the executable into a restricted directory, so that we can
+ safely make it SGID with the TARGET group ID. Then runs the
+ executable. */
+static int
+run_executable_sgid (gid_t target)
+{
+ char *dirname = 0;
+ char *execname = 0;
+ int infd = -1;
+ int outfd = -1;
+ int ret = -1;
+ if (asprintf (&dirname, "%s/secure-getenv.%jd",
+ test_dir, (intmax_t) getpid ()) < 0)
+ {
+ perror ("asprintf");
+ goto err;
+ }
+ if (mkdir (dirname, 0700) < 0)
+ {
+ perror ("mkdir");
+ goto err;
+ }
+ if (asprintf (&execname, "%s/bin", dirname) < 0)
+ {
+ perror ("asprintf");
+ goto err;
+ }
+ infd = open ("/proc/self/exe", O_RDONLY);
+ if (infd < 0)
+ {
+ perror ("open");
+ goto err;
+ }
+ outfd = open (execname, O_WRONLY | O_CREAT | O_EXCL, 0700);
+ if (outfd < 0)
+ {
+ perror ("open");
+ goto err;
+ }
+ char buf[4096];
+ for (;;)
+ {
+ ssize_t rdcount = read (infd, buf, sizeof (buf));
+ if (rdcount < 0)
+ {
+ perror ("read");
+ goto err;
+ }
+ if (rdcount == 0)
+ break;
+ char *p = buf;
+ char *end = buf + rdcount;
+ while (p != end)
+ {
+ ssize_t wrcount = write (outfd, buf, end - p);
+ if (wrcount == 0)
+ errno = ENOSPC;
+ if (wrcount <= 0)
+ {
+ perror ("write");
+ goto err;
+ }
+ p += wrcount;
+ }
+ }
+ if (fchown (outfd, getuid (), target) < 0)
+ {
+ perror ("fchown");
+ goto err;
+ }
+ if (fchmod (outfd, 02750) < 0)
+ {
+ perror ("fchmod");
+ goto err;
+ }
+ if (close (outfd) < 0)
+ {
+ perror ("close");
+ goto err;
+ }
+ if (close (infd) < 0)
+ {
+ perror ("close");
+ goto err;
+ }
+
+ int kid = fork ();
+ if (kid < 0)
+ {
+ perror ("fork");
+ goto err;
+ }
+ if (kid == 0)
+ {
+ /* Child process. */
+ char *args[] = { execname, MAGIC_ARGUMENT, NULL };
+ execve (execname, args, environ);
+ perror ("execve");
+ _exit (1);
+ }
+ int status;
+ if (waitpid (kid, &status, 0) < 0)
+ {
+ perror ("waitpid");
+ goto err;
+ }
+ if (!WIFEXITED (status) || WEXITSTATUS (status) != MAGIC_STATUS)
+ {
+ fprintf (stderr, "Unexpected exit status %d from child process\n",
+ status);
+ goto err;
+ }
+ ret = 0;
+
+err:
+ if (outfd >= 0)
+ close (outfd);
+ if (infd >= 0)
+ close (infd);
+ if (execname)
+ {
+ unlink (execname);
+ free (execname);
+ }
+ if (dirname)
+ {
+ rmdir (dirname);
+ free (dirname);
+ }
+ return ret;
+}
+
+static int
+do_test (void)
+{
+ if (getenv ("PATH") == NULL)
+ {
+ fprintf (stderr, "PATH not set\n");
+ exit (1);
+ }
+ if (secure_getenv ("PATH") == NULL)
+ {
+ fprintf (stderr, "PATH not set according to secure_getenv\n");
+ exit (1);
+ }
+ if (strcmp (getenv ("PATH"), secure_getenv ("PATH")) != 0)
+ {
+ fprintf (stderr, "PATH mismatch (%s, %s)\n",
+ getenv ("PATH"), secure_getenv ("PATH"));
+ exit (1);
+ }
+
+ gid_t target = choose_gid ();
+ if (target == 0)
+ {
+ fprintf (stderr, "Could not find a suitable GID user %jd\n",
+ (intmax_t) getuid ());
+ exit (1);
+ }
+ return run_executable_sgid (target);
+}
+
+static void
+alternative_main (int argc, char **argv)
+{
+ if (argc == 2 && strcmp (argv[1], MAGIC_ARGUMENT) == 0)
+ {
+ if (getgid () == getegid ())
+ {
+ fprintf (stderr, "SGID failed: GID and EGID match (%jd)\n",
+ (intmax_t) getgid ());
+ exit (2);
+ }
+ if (getenv ("PATH") == NULL)
+ {
+ fprintf (stderr, "PATH variable not present\n");
+ exit (3);
+ }
+ if (secure_getenv ("PATH") != NULL)
+ {
+ fprintf (stderr, "PATH variable not filtered out\n");
+ exit (4);
+ }
+ exit (MAGIC_STATUS);
+ }
+}
+
+#define PREPARE(argc, argv) alternative_main(argc, argv)
+#define TEST_FUNCTION do_test ()
+#include "../test-skeleton.c"