diff --git a/src/basic/env-util.c b/src/basic/env-util.c
index 56e7b6fd8c..d72940acb3 100644
--- a/src/basic/env-util.c
+++ b/src/basic/env-util.c
@@ -769,6 +769,16 @@ int getenv_bool(const char *p) {
 return parse_boolean(e);
 }
+int getenv_bool_secure(const char *p) {
+ const char *e;
+
+ e = secure_getenv(p);
+ if (!e)
+ return -ENXIO;
+
+ return parse_boolean(e);
+}
+
 int serialize_environment(FILE *f, char **environment) {
 char **e;
diff --git a/src/basic/env-util.h b/src/basic/env-util.h
index e88fa6aac0..d5da8cd67b 100644
--- a/src/basic/env-util.h
+++ b/src/basic/env-util.h
@@ -61,6 +61,7 @@ char *strv_env_get_n(char **l, const char *name, size_t k, unsigned flags) _pure
 char *strv_env_get(char **x, const char *n) _pure_;
 int getenv_bool(const char *p);
+int getenv_bool_secure(const char *p);
 int serialize_environment(FILE *f, char **environment);
 int deserialize_environment(char ***environment, const char *line);
diff --git a/src/nss-mymachines/nss-mymachines.c b/src/nss-mymachines/nss-mymachines.c
index ea90953abb..6e468853a2 100644
--- a/src/nss-mymachines/nss-mymachines.c
+++ b/src/nss-mymachines/nss-mymachines.c
@@ -435,7 +435,7 @@ enum nss_status _nss_mymachines_getpwnam_r(
 if (!machine_name_is_valid(machine))
 goto not_found;
- if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0)
+ if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0)
 /* Make sure we can't deadlock if we are invoked by dbus-daemon. This way, it won't be able to resolve
 * these UIDs, but that should be unproblematic as containers should never be able to connect to a bus
 * running on the host. */
@@ -519,7 +519,7 @@ enum nss_status _nss_mymachines_getpwuid_r(
 if (uid < HOST_UID_LIMIT)
 goto not_found;
- if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0)
+ if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0)
 goto not_found;
 r = sd_bus_open_system(&bus);
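Review bot: `getenv_bool_secure()` in src/basic/env-util.c has no comment saying how it differs from `getenv_bool()`, and the difference cannot be read from its return value: `secure_getenv()` yields NULL in secure-execution mode, so the function returns `-ENXIO` both when the variable is unset and when it was deliberately ignored. A header comment would make that contract explicit, for example `/* Like getenv_bool(), but treats the variable as unset (-ENXIO) when the process runs in secure-execution mode, e.g. set-user-ID */`. The body also appears to mirror `getenv_bool()`, whose start lies outside the hunk, so a shared helper may be worth considering if further variants are planned.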
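Review bot: In `_nss_mymachines_getpwnam_r()` the adjacent comment describes the `SYSTEMD_NSS_BYPASS_BUS` test as a deadlock guard for dbus-daemon, and with `secure_getenv()` that guard is silently skipped whenever the calling process is in secure-execution mode. That mode is not limited to set-user-ID binaries (file capabilities or an LSM can set it too), so if the daemon were ever started that way the lookup would continue to `sd_bus_open_system()`; whether this can happen depends on how the daemon is launched, which is not visible here. Stating the assumption beside the check would help, e.g. `/* secure_getenv(): ignored in secure-execution mode; dbus-daemon is expected not to run in that mode */`. The same applies to the `SYSTEMD_NSS_BYPASS_BUS` checks in the other three `_nss_mymachines_*` functions and in the four `_nss_systemd_*` functions, all of which extend beyond their hunks.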
@@ -613,7 +613,7 @@ enum nss_status _nss_mymachines_getgrnam_r(
 if (!machine_name_is_valid(machine))
 goto not_found;
- if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0)
+ if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0)
 goto not_found;
 r = sd_bus_open_system(&bus);
@@ -691,7 +691,7 @@ enum nss_status _nss_mymachines_getgrgid_r(
 if (gid < HOST_GID_LIMIT)
 goto not_found;
- if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0)
+ if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0)
 goto not_found;
 r = sd_bus_open_system(&bus);
diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c
index 37745b3103..dcb32e1e2b 100644
--- a/src/nss-systemd/nss-systemd.c
+++ b/src/nss-systemd/nss-systemd.c
@@ -129,7 +129,7 @@ enum nss_status _nss_systemd_getpwnam_r(
 goto not_found;
 /* Synthesize entries for the root and nobody users, in case they are missing in /etc/passwd */
- if (getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
+ if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
 if (streq(name, root_passwd.pw_name)) {
 *pwd = root_passwd;
 *errnop = 0;
@@ -143,10 +143,10 @@ enum nss_status _nss_systemd_getpwnam_r(
 }
 /* Make sure that we don't go in circles when allocating a dynamic UID by checking our own database */
- if (getenv_bool("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
+ if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
 goto not_found;
- if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0) {
+ if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0) {
 /* Access the dynamic UID allocation directly if we are called from dbus-daemon, see above. */
 r = direct_lookup_name(name, (uid_t*) &translated);
@@ -233,7 +233,7 @@ enum nss_status _nss_systemd_getpwuid_r(
 goto not_found;
 /* Synthesize data for the root user and for nobody in case they are missing from /etc/passwd */
- if (getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
+ if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
 if (uid == root_passwd.pw_uid) {
 *pwd = root_passwd;
 *errnop = 0;
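Review bot: The `SYSTEMD_NSS_BYPASS_SYNTHETIC` test in `_nss_systemd_getpwnam_r()` uses `<= 0`, so the `-ENXIO` that `getenv_bool_secure()` returns for an unset variable or in secure-execution mode, and presumably any negative parse error, all leave root/nobody synthesis enabled. That is the safe direction, but nothing at the call site records that it is intended. A one-line comment would do, e.g. `/* Unset, unparsable or ignored in secure-execution mode: synthesis stays enabled */`. The same test appears in `_nss_systemd_getpwuid_r()`, `_nss_systemd_getgrnam_r()` and `_nss_systemd_getgrgid_r()`; each of these functions starts and ends outside its hunk.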
@@ -249,10 +249,10 @@ enum nss_status _nss_systemd_getpwuid_r(
 if (uid <= SYSTEM_UID_MAX)
 goto not_found;
- if (getenv_bool("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
+ if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
 goto not_found;
- if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0) {
+ if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0) {
 r = direct_lookup_uid(uid, &direct);
 if (r == -ENOENT)
@@ -335,7 +335,7 @@ enum nss_status _nss_systemd_getgrnam_r(
 goto not_found;
 /* Synthesize records for root and nobody, in case they are missing form /etc/group */
- if (getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
+ if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
 if (streq(name, root_group.gr_name)) {
 *gr = root_group;
 *errnop = 0;
@@ -348,10 +348,10 @@ enum nss_status _nss_systemd_getgrnam_r(
 }
 }
- if (getenv_bool("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
+ if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
 goto not_found;
- if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0) {
+ if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0) {
 /* Access the dynamic GID allocation directly if we are called from dbus-daemon, see above. */
 r = direct_lookup_name(name, (uid_t*) &translated);
@@ -436,7 +436,7 @@ enum nss_status _nss_systemd_getgrgid_r(
 goto not_found;
 /* Synthesize records for root and nobody, in case they are missing from /etc/group */
- if (getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
+ if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
 if (gid == root_group.gr_gid) {
 *gr = root_group;
 *errnop = 0;
@@ -452,10 +452,10 @@ enum nss_status _nss_systemd_getgrgid_r(
 if (gid <= SYSTEM_GID_MAX)
 goto not_found;
- if (getenv_bool("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
+ if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
 goto not_found;
- if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0) {
+ if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0) {
 r = direct_lookup_uid(gid, &direct);
 if (r == -ENOENT)
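Review bot: The comment directly above the changed `SYSTEMD_NSS_BYPASS_SYNTHETIC` line in `_nss_systemd_getgrnam_r()` reads "missing form /etc/group", while the parallel comment in `_nss_systemd_getgrgid_r()` has "from". Since the statement below it is being edited anyway, the comment could be corrected in the same change to `/* Synthesize records for root and nobody, in case they are missing from /etc/group */`.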