"The secure_getenv() function is intended for use in general-purpose libraries to avoid vulnerabilities that could occur if set-user-ID or set-group-ID programs accidentally trusted the environment."
Signed-off-by: Cristian Rodríguez <crrodriguez@xxxxxxxxxxxx>
---
 configure.ac | 2 +-
 libkmod/libkmod-private.h | 9 +++++++++
 libkmod/libkmod.c | 2 +-
 3 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index 0f86c25..d7ff960 100644
--- a/configure.ac
+++ b/configure.ac
@@ -39,7 +39,7 @@ PKG_PROG_PKG_CONFIG
 #####################################################################
 AC_CHECK_FUNCS_ONCE(__xstat)
-
+AC_CHECK_FUNCS_ONCE([__secure_getenv secure_getenv])
 # dietlibc doesn't have st.st_mtim struct member
 AC_CHECK_MEMBERS([struct stat.st_mtim], [], [], [#include <sys/stat.h>])
diff --git a/libkmod/libkmod-private.h b/libkmod/libkmod-private.h
index b472c62..296b5c0 100644
--- a/libkmod/libkmod-private.h
+++ b/libkmod/libkmod-private.h
@@ -35,6 +35,15 @@ static _always_inline_ _printf_format_(2, 3) void
 #define KCMD_LINE_SIZE 4096
+#ifndef HAVE_SECURE_GETENV
+# ifdef HAVE__SECURE_GETENV
+# define secure_getenv __secure_getenv
+# else
+# warning neither secure_getenv nor __secure_getenv are available in your libc.
+#define secure_getenv getenv
+# endif
+#endif
+
 void kmod_log(const struct kmod_ctx *ctx, int priority, const char *file, int line, const char *fn, const char *format, ...) __attribute__((format(printf, 6, 7))) __attribute__((nonnull(1, 3, 5)));
diff --git a/libkmod/libkmod.c b/libkmod/libkmod.c
index b3e1d6b..2ef19d3 100644
--- a/libkmod/libkmod.c
+++ b/libkmod/libkmod.c
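Review bot: In libkmod/libkmod-private.h the inner test `# ifdef HAVE__SECURE_GETENV` does not match the macro that the new `AC_CHECK_FUNCS_ONCE([__secure_getenv secure_getenv])` line in configure.ac defines: autoconf upper-cases the whole function name, so `__secure_getenv` yields `HAVE___SECURE_GETENV` with three underscores, just as the existing `__xstat` check yields `HAVE___XSTAT`. As written, a libc that provides only `__secure_getenv` falls through to `#define secure_getenv getenv`, and the set-user-ID/set-group-ID protection quoted in the description is lost with nothing but a build warning; the line should read `# ifdef HAVE___SECURE_GETENV`. The last-resort `getenv` alias also fails open, so it is worth considering a fallback that returns NULL when the real and effective IDs differ, or at least a comment stating that KMOD_LOG is trusted unconditionally on such a libc. Both tests depend on config.h being included before this header, which the hunk does not show.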
@@ -254,7 +254,7 @@ KMOD_EXPORT struct kmod_ctx *kmod_new(const char *dirname,
 ctx->dirname = get_kernel_release(dirname);
 /* environment overwrites config */
- env = getenv("KMOD_LOG");
+ env = secure_getenv("KMOD_LOG");
 if (env != NULL) kmod_set_log_priority(ctx, log_priority(env));
--
1.8.1.1
--
To unsubscribe from this list: send the line "unsubscribe linux-modules" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
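Review bot: The comment above the changed call still reads `/* environment overwrites config */`, which no longer says when KMOD_LOG is honoured; something like `/* environment overwrites config; ignored in secure-execution (set-user-ID/set-group-ID) mode */` would document the new behaviour. The call also needs a visible prototype: glibc declares `secure_getenv` in <stdlib.h> only when `_GNU_SOURCE` is defined, and whether this file is built that way cannot be seen from the hunk, so that should be confirmed to avoid an implicit declaration returning int. kmod_new's body starts and ends outside the hunk, so any other `getenv` calls in the function are not covered here.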