author | Paul Eggert <eggert@cs.ucla.edu> | 2016-05-30 16:09:25 -0700 |
---|---|---|
committer | Paul Eggert <eggert@cs.ucla.edu> | 2016-05-30 16:13:04 -0700 |
commit | e7b01df5cf83cdb7e7ca5558a0f557cf6354dace (patch) | |
tree | 9905b9451d5988e2f96f5a80332f19e67d581b17 /lib | |
parent | 13411853b25f3c861d9364961f8ca0b18a9b5ed4 (diff) |
Update from gnulib
This incorporates:
2016-05-30 Use GCC_LINT, not lint
2016-05-29 secure_getenv: Port to many more platforms.
* doc/misc/texinfo.tex, lib/secure_getenv.c, lib/verify.h:
* m4/secure_getenv.m4: Copy from gnulib.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/secure_getenv.c | 29 | ||||
-rw-r--r-- | lib/verify.h | 2 |
2 files changed, 22 insertions, 9 deletions
diff --git a/lib/secure_getenv.c b/lib/secure_getenv.c
index f359ab2173..88a60dc33c 100644
--- a/lib/secure_getenv.c
+++ b/lib/secure_getenv.c
@@ -1,4 +1,4 @@
-/* Look up an environment variable more securely.
+/* Look up an environment variable, returning NULL in insecure situations.
 Copyright 2013-2016 Free Software Foundation, Inc.
@@ -20,22 +20,35 @@
 #include <stdlib.h>
 #if !HAVE___SECURE_GETENV
-# if HAVE_ISSETUGID
+# if HAVE_ISSETUGID || (HAVE_GETUID && HAVE_GETEUID && HAVE_GETGID && HAVE_GETEGID)
 # include <unistd.h>
-# else
-# undef issetugid
-# define issetugid() 1
 # endif
 #endif
 char *
 secure_getenv (char const *name)
 {
-#if HAVE___SECURE_GETENV
+#if HAVE___SECURE_GETENV /* glibc */
 return __secure_getenv (name);
-#else
+#elif HAVE_ISSETUGID /* OS X, FreeBSD, NetBSD, OpenBSD */
 if (issetugid ())
- return 0;
+ return NULL;
+ return getenv (name);
+#elif HAVE_GETUID && HAVE_GETEUID && HAVE_GETGID && HAVE_GETEGID /* other Unix */
+ if (geteuid () != getuid () || getegid () != getgid ())
+ return NULL;
 return getenv (name);
+#elif (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__ /* native Windows */
+ /* On native Windows, there is no such concept as setuid or setgid binaries.
+ - Programs launched as system services have high privileges, but they don't
+ inherit environment variables from a user.
+ - Programs launched by a user with "Run as Administrator" have high
+ privileges and use the environment variables, but the user has been asked
+ whether he agrees.
+ - Programs launched by a user without "Run as Administrator" cannot gain
+ high privileges, therefore there is no risk. */
+ return getenv (name);
+#else
+ return NULL;
 #endif
 }
diff --git a/lib/verify.h b/lib/verify.h
index 2f4383743b..5c8381d290 100644
--- a/lib/verify.h
+++ b/lib/verify.h
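Review bot: In lib/secure_getenv.c, the new "other Unix" branch of secure_getenv tests only the current IDs (`geteuid () != getuid () || getegid () != getgid ()`), which looks weaker than the `__secure_getenv` and `issetugid` branches above it. As I understand the BSD semantics, issetugid keeps reporting a process that changed its IDs after exec, so a set-ID program that has already equalized its IDs would get NULL on that branch but the caller-controlled environment value on this one. The file is copied from gnulib, so any change belongs upstream, but the limit should at least be documented next to the test, e.g. `/* Sees only the current IDs; unlike issetugid, cannot tell that a set-ID program has since equalized them. */`. The final `#else` returning NULL keeps unrecognised platforms fail-closed, which matches the old `issetugid() 1` fallback and is worth preserving.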
@@ -263,7 +263,7 @@ template <int w>
 # define assume(R) ((R) ? (void) 0 : __builtin_unreachable ())
 #elif 1200 <= _MSC_VER
 # define assume(R) __assume (R)
-#elif (defined lint \
+#elif ((defined GCC_LINT || defined lint) \
 && (__has_builtin (__builtin_trap) \
 || 3 < __GNUC__ + (3 < __GNUC_MINOR__ + (4 <= __GNUC_PATCHLEVEL__))))
 /* Doing it this way helps various packages when configured with |