This is part of a series of improvements from a 2008 version of spd_readdir.c that somehow didn't make it into the version which we checked into e2fsprogs git tree. Signed-off-by: "Theodore Ts'o" <tytso@xxxxxxx> --- contrib/spd_readdir.c | 34 ++++++++++++++++++++++++++++++++-- 1 file changed, 32 insertions(+), 2 deletions(-) diff --git a/contrib/spd_readdir.c b/contrib/spd_readdir.c index f89832c..30c01b3 100644 --- a/contrib/spd_readdir.c +++ b/contrib/spd_readdir.c @@ -27,6 +27,10 @@ #define MAX_DIRSIZE 0 #define DEBUG +/* Util we autoconfiscate spd_readdir... */ +#define HAVE___SECURE_GETENV 1 +#define HAVE_PRCTL 1 +#define HAVE_SYS_PRCTL_H 1 #ifdef DEBUG #define DEBUG_DIR(x) {if (do_debug) { x; }} @@ -46,6 +50,11 @@ #include <dirent.h> #include <errno.h> #include <dlfcn.h> +#ifdef HAVE_SYS_PRCTL_H +#include <sys/prctl.h> +#else +#define PR_GET_DUMPABLE 3 +#endif struct dirent_s { unsigned long long d_ino; @@ -83,6 +92,27 @@ static int num_open = 0; static int do_debug = 0; #endif +static char *safe_getenv(const char *arg) +{ + if ((getuid() != geteuid()) || (getgid() != getegid())) + return NULL; +#if HAVE_PRCTL + if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 0) + return NULL; +#else +#if (defined(linux) && defined(SYS_prctl)) + if (syscall(SYS_prctl, PR_GET_DUMPABLE, 0, 0, 0, 0) == 0) + return NULL; +#endif +#endif + +#if HAVE___SECURE_GETENV + return __secure_getenv(arg); +#else + return getenv(arg); +#endif +} + static void setup_ptr() { char *cp; @@ -97,11 +127,11 @@ static void setup_ptr() real_telldir = dlsym(RTLD_NEXT, "telldir"); real_seekdir = dlsym(RTLD_NEXT, "seekdir"); real_dirfd = dlsym(RTLD_NEXT, "dirfd"); - if ((cp = getenv("SPD_READDIR_MAX_SIZE")) != NULL) { + if ((cp = safe_getenv("SPD_READDIR_MAX_SIZE")) != NULL) { max_dirsize = atol(cp); } #ifdef DEBUG - if (getenv("SPD_READDIR_DEBUG")) { + if (safe_getenv("SPD_READDIR_DEBUG")) { printf("initialized!\n"); do_debug++; } -- 1.7.12.rc0.22.gcdd159b -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html