[PATCH] libkmod: Use secure_getenv if available

Cristian Rodríguez <crrodriguez@xxxxxxxxxxxx> · Mon, 11 Feb 2013 15:07:52 -0300

"The secure_getenv() function is intended for use in general-purpose
libraries to avoid vulnerabilities that could occur if set-user-ID or
set-group-ID programs accidentally trusted the environment."

Signed-off-by: Cristian Rodríguez <crrodriguez@xxxxxxxxxxxx>
---
 configure.ac              | 2 +-
 libkmod/libkmod-private.h | 9 +++++++++
 libkmod/libkmod.c         | 2 +-
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/configure.ac b/configure.ac
index 0f86c25..d7ff960 100644
--- a/configure.ac
+++ b/configure.ac
@@ -39,7 +39,7 @@ PKG_PROG_PKG_CONFIG
 #####################################################################
 
 AC_CHECK_FUNCS_ONCE(__xstat)
-
+AC_CHECK_FUNCS_ONCE([__secure_getenv secure_getenv])
 # dietlibc doesn't have st.st_mtim struct member
 AC_CHECK_MEMBERS([struct stat.st_mtim], [], [], [#include <sys/stat.h>])
 
diff --git a/libkmod/libkmod-private.h b/libkmod/libkmod-private.h
index b472c62..296b5c0 100644
--- a/libkmod/libkmod-private.h
+++ b/libkmod/libkmod-private.h
@@ -35,6 +35,15 @@ static _always_inline_ _printf_format_(2, 3) void
 
 #define KCMD_LINE_SIZE 4096
 
+#ifndef HAVE_SECURE_GETENV
+#  ifdef HAVE__SECURE_GETENV
+#    define secure_getenv __secure_getenv
+#  else
+#    warning neither secure_getenv nor __secure_getenv are available in your libc.
+#define secure_getenv getenv
+#  endif
+#endif
+
 void kmod_log(const struct kmod_ctx *ctx,
 		int priority, const char *file, int line, const char *fn,
 		const char *format, ...) __attribute__((format(printf, 6, 7))) __attribute__((nonnull(1, 3, 5)));
diff --git a/libkmod/libkmod.c b/libkmod/libkmod.c
index b3e1d6b..2ef19d3 100644
--- a/libkmod/libkmod.c
+++ b/libkmod/libkmod.c
@@ -254,7 +254,7 @@ KMOD_EXPORT struct kmod_ctx *kmod_new(const char *dirname,
 	ctx->dirname = get_kernel_release(dirname);
 
 	/* environment overwrites config */
-	env = getenv("KMOD_LOG");
+	env = secure_getenv("KMOD_LOG");
 	if (env != NULL)
 		kmod_set_log_priority(ctx, log_priority(env));
 
-- 
1.8.1.1

--
To unsubscribe from this list: send the line "unsubscribe linux-modules" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html





