shared: in code that might get called from suid programs use __secure_getenv() rather than getenv()
It's better to be safe than sorry.
parent
fe1fed02c7
commit
88fae6e044
4
TODO
4
TODO
|
@ -65,8 +65,6 @@ Features:
|
||||||
|
|
||||||
* maybe make systemd-detect-virt suid? or use fscaps?
|
* maybe make systemd-detect-virt suid? or use fscaps?
|
||||||
|
|
||||||
* consider using __secure_getenv() instead of getenv() in libs
|
|
||||||
|
|
||||||
* man: document in ExecStart= explicitly that we don't take shell command lines, only executable names with arguments
|
* man: document in ExecStart= explicitly that we don't take shell command lines, only executable names with arguments
|
||||||
|
|
||||||
* shutdown: don't read-only mount anything when running in container
|
* shutdown: don't read-only mount anything when running in container
|
||||||
|
@ -505,6 +503,8 @@ Regularly:
|
||||||
|
|
||||||
* set_put(), hashmap_put() return values check. i.e. == 0 doesn't free()!
|
* set_put(), hashmap_put() return values check. i.e. == 0 doesn't free()!
|
||||||
|
|
||||||
|
* use __secure_getenv() instead of getenv() where appropriate
|
||||||
|
|
||||||
Scheduled for removal (or fixing):
|
Scheduled for removal (or fixing):
|
||||||
|
|
||||||
* xxxOverridable dependencies
|
* xxxOverridable dependencies
|
||||||
|
|
|
@ -955,12 +955,12 @@ static DBusConnection* manager_bus_connect_private(Manager *m, DBusBusType type)
|
||||||
|
|
||||||
switch (type) {
|
switch (type) {
|
||||||
case DBUS_BUS_SYSTEM:
|
case DBUS_BUS_SYSTEM:
|
||||||
address = getenv("DBUS_SYSTEM_BUS_ADDRESS");
|
address = __secure_getenv("DBUS_SYSTEM_BUS_ADDRESS");
|
||||||
if (!address || !address[0])
|
if (!address || !address[0])
|
||||||
address = DBUS_SYSTEM_BUS_DEFAULT_ADDRESS;
|
address = DBUS_SYSTEM_BUS_DEFAULT_ADDRESS;
|
||||||
break;
|
break;
|
||||||
case DBUS_BUS_SESSION:
|
case DBUS_BUS_SESSION:
|
||||||
address = getenv("DBUS_SESSION_BUS_ADDRESS");
|
address = __secure_getenv("DBUS_SESSION_BUS_ADDRESS");
|
||||||
if (!address || !address[0])
|
if (!address || !address[0])
|
||||||
address = DBUS_SESSION_BUS_DEFAULT_ADDRESS;
|
address = DBUS_SESSION_BUS_DEFAULT_ADDRESS;
|
||||||
break;
|
break;
|
||||||
|
@ -1077,7 +1077,7 @@ static int bus_init_private(Manager *m) {
|
||||||
const char *e;
|
const char *e;
|
||||||
char *p;
|
char *p;
|
||||||
|
|
||||||
e = getenv("XDG_RUNTIME_DIR");
|
e = __secure_getenv("XDG_RUNTIME_DIR");
|
||||||
if (!e)
|
if (!e)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
|
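Review bot: `__secure_getenv()` is a glibc-internal, double-underscore name, so the three lookups in this section (`DBUS_SYSTEM_BUS_ADDRESS`, `DBUS_SESSION_BUS_ADDRESS`, `XDG_RUNTIME_DIR`) and the ones added in the `udev_new()`, `bus_connect()` and `log_parse_environment()` sections tie the build to one C library's private symbol. glibc 2.17 and later export the same function under the public name `secure_getenv()`, and other C libraries may offer neither name. I would call `secure_getenv()` everywhere and keep a single fallback in a shared header behind a build-time check, for example `#define secure_getenv __secure_getenv` when only the old name is available. Both `manager_bus_connect_private()` and `bus_init_private()` continue outside the lines shown.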
|
@ -191,7 +191,7 @@ _public_ struct udev *udev_new(void)
|
||||||
}
|
}
|
||||||
|
|
||||||
/* environment overrides config */
|
/* environment overrides config */
|
||||||
env = getenv("UDEV_LOG");
|
env = __secure_getenv("UDEV_LOG");
|
||||||
if (env != NULL)
|
if (env != NULL)
|
||||||
udev_set_log_priority(udev, util_log_priority(env));
|
udev_set_log_priority(udev, util_log_priority(env));
|
||||||
|
|
||||||
|
|
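Review bot: The comment `/* environment overrides config */` above the `UDEV_LOG` lookup is no longer accurate, because with `__secure_getenv()` the variable is ignored whenever the process runs in secure-execution mode (set-user-ID or set-group-ID). Since `udev_new()` is public API, anyone debugging a privileged helper will want that stated; I would change the comment to `/* environment overrides config, except in secure-execution mode, where UDEV_LOG is ignored */`. `log_parse_environment()` in the last section has no comment at all and would benefit from the same one-line remark for the `SYSTEMD_LOG_*` variables. `udev_new()` starts and ends outside the lines shown.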
|
@ -121,7 +121,7 @@ int bus_connect(DBusBusType t, DBusConnection **_bus, bool *_private, DBusError
|
||||||
* try via XDG_RUNTIME_DIR first, then
|
* try via XDG_RUNTIME_DIR first, then
|
||||||
* fallback to normal bus access */
|
* fallback to normal bus access */
|
||||||
|
|
||||||
e = getenv("XDG_RUNTIME_DIR");
|
e = __secure_getenv("XDG_RUNTIME_DIR");
|
||||||
if (e) {
|
if (e) {
|
||||||
char *p;
|
char *p;
|
||||||
|
|
||||||
|
|
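Review bot: `__secure_getenv()` only returns NULL when the process was started in secure-execution mode, so the `if (e) {` branch still trusts `XDG_RUNTIME_DIR` in a privileged process that merely inherited its environment, such as a daemon started by root from a shell. The code that uses `e` is outside the lines shown, but if it builds a socket path from the value, as the comment about trying `XDG_RUNTIME_DIR` first suggests, rejecting anything that is not an absolute path is a cheap extra guard: `if (e && e[0] == '/') {`. The same applies to the `XDG_RUNTIME_DIR` lookup in `bus_init_private()`, where the guard would read `if (!e || e[0] != '/') return 0;`.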
|
@ -688,21 +688,21 @@ int log_set_max_level_from_string(const char *e) {
|
||||||
void log_parse_environment(void) {
|
void log_parse_environment(void) {
|
||||||
const char *e;
|
const char *e;
|
||||||
|
|
||||||
if ((e = getenv("SYSTEMD_LOG_TARGET")))
|
e = __secure_getenv("SYSTEMD_LOG_TARGET");
|
||||||
if (log_set_target_from_string(e) < 0)
|
if (e && log_set_target_from_string(e) < 0)
|
||||||
log_warning("Failed to parse log target %s. Ignoring.", e);
|
log_warning("Failed to parse log target %s. Ignoring.", e);
|
||||||
|
|
||||||
if ((e = getenv("SYSTEMD_LOG_LEVEL")))
|
e = __secure_getenv("SYSTEMD_LOG_LEVEL");
|
||||||
if (log_set_max_level_from_string(e) < 0)
|
if (e && log_set_max_level_from_string(e) < 0)
|
||||||
log_warning("Failed to parse log level %s. Ignoring.", e);
|
log_warning("Failed to parse log level %s. Ignoring.", e);
|
||||||
|
|
||||||
if ((e = getenv("SYSTEMD_LOG_COLOR")))
|
e = __secure_getenv("SYSTEMD_LOG_COLOR");
|
||||||
if (log_show_color_from_string(e) < 0)
|
if (e && log_show_color_from_string(e) < 0)
|
||||||
log_warning("Failed to parse bool %s. Ignoring.", e);
|
log_warning("Failed to parse bool %s. Ignoring.", e);
|
||||||
|
|
||||||
if ((e = getenv("SYSTEMD_LOG_LOCATION")))
|
e = __secure_getenv("SYSTEMD_LOG_LOCATION");
|
||||||
if (log_show_location_from_string(e) < 0)
|
if (e && log_show_location_from_string(e) < 0)
|
||||||
log_warning("Failed to parse bool %s. Ignoring.", e);
|
log_warning("Failed to parse bool %s. Ignoring.", e);
|
||||||
}
|
}
|
||||||
|
|
||||||
LogTarget log_get_target(void) {
|
LogTarget log_get_target(void) {
|
||||||
|
|