From: "Daniel P. Berrange" <berrange@xxxxxxxxxx> The use of getenv is typically insecure, and we want people to use our wrappers, to force them to think about setuid needs. Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx> --- cfg.mk | 8 ++++++++ src/util/virutil.c | 4 ++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/cfg.mk b/cfg.mk index 3e44439..56821e2 100644 --- a/cfg.mk +++ b/cfg.mk @@ -859,6 +859,11 @@ sc_prohibit_unbounded_arrays_in_rpc: halt='Arrays in XDR must have a upper limit set for <NNN>' \ $(_sc_search_regexp) +sc_prohibit_getenv: + @prohibit='\b(secure_)?getenv *\(' \ + exclude='exempt from syntax-check' \ + halt='Use virGetEnv{Allow,Block}SUID instead of getenv' \ + $(_sc_search_regexp) # We don't use this feature of maint.mk. prev_version_file = /dev/null @@ -1028,3 +1033,6 @@ exclude_file_name_regexp--sc_prohibit_include_public_headers_brackets = \ exclude_file_name_regexp--sc_prohibit_int_ijk = \ ^(src/remote_protocol-structs|src/remote/remote_protocol.x|cfg.mk|include/)$ + +exclude_file_name_regexp--sc_prohibit_getenv = \ + ^tests/.*\.[ch]$$ diff --git a/src/util/virutil.c b/src/util/virutil.c index 7e24b4a..87cc2e7 100644 --- a/src/util/virutil.c +++ b/src/util/virutil.c @@ -2143,7 +2143,7 @@ cleanup: */ const char *virGetEnvBlockSUID(const char *name) { - return secure_getenv(name); + return secure_getenv(name); /* exempt from syntax-check-rules */ } @@ -2157,7 +2157,7 @@ const char *virGetEnvBlockSUID(const char *name) */ const char *virGetEnvAllowSUID(const char *name) { - return getenv(name); + return getenv(name); /* exempt from syntax-check-rules */ } -- 1.8.3.1 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list