Try to use issetugid before falling back to insecure getenv

Message ID	5779850.CGupPAFhYn@novprenosnik
State	New
Headers	show Return-Path: <gcc-patches-return-476794-incoming=patchwork.ozlabs.org@gcc.gnu.org> DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id :list-unsubscribe:list-archive:list-post:list-help:sender:from :to:subject:date:message-id:mime-version:content-type :content-transfer-encoding; q=dns; s=default; b=JuolxWtNs7kfSl7A 8Ue5T7xPyA5t7k0T1JSjXZU+8fbChCyrbZ1lT1qZtLZMr9Ec/StxpK4Mkvva1LsJ MJeJAgT5KDDxIHZuEEHtr01qADude4e8POaTDhlp+0p3FZUL3IYN+fe5iZJqwdal zuyJdIRTbaD0BtS5GgFsE/I/em8= Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk Sender: gcc-patches-owner@gcc.gnu.org From: Matija Skala <mskala@gmx.com> To: gcc-patches@gcc.gnu.org Subject: [PATCH] Try to use issetugid before falling back to insecure getenv Date: Wed, 25 Apr 2018 12:06:25 +0200 Message-ID: <5779850.CGupPAFhYn@novprenosnik> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7Bit
Series	Try to use issetugid before falling back to insecure getenv \| expand Try to use issetugid before falling back to insecure getenv

Message ID

5779850.CGupPAFhYn@novprenosnik

State

New

Headers

DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id
	:list-unsubscribe:list-archive:list-post:list-help:sender:from
	:to:subject:date:message-id:mime-version:content-type
	:content-transfer-encoding; q=dns; s=default; b=JuolxWtNs7kfSl7A
	8Ue5T7xPyA5t7k0T1JSjXZU+8fbChCyrbZ1lT1qZtLZMr9Ec/StxpK4Mkvva1LsJ
	MJeJAgT5KDDxIHZuEEHtr01qADude4e8POaTDhlp+0p3FZUL3IYN+fe5iZJqwdal
	zuyJdIRTbaD0BtS5GgFsE/I/em8=
Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
Sender: gcc-patches-owner@gcc.gnu.org
From: Matija Skala <mskala@gmx.com>
To: gcc-patches@gcc.gnu.org
Subject: [PATCH] Try to use issetugid before falling back to insecure getenv
Date: Wed, 25 Apr 2018 12:06:25 +0200
Message-ID: <5779850.CGupPAFhYn@novprenosnik>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7Bit

Series

Try to use issetugid before falling back to insecure getenv | expand

Comments

Andreas Schwab April 25, 2018, 5:53 p.m. UTC | #1

On Apr 25 2018, Matija Skala <mskala@gmx.com> wrote:

> diff --git a/libvtv/configure.ac b/libvtv/configure.ac
> index ba3009ee3fb..878ba02a2e2 100644
> --- a/libvtv/configure.ac
> +++ b/libvtv/configure.ac
> @@ -115,6 +115,9 @@ AC_CHECK_FUNCS([__secure_getenv])
>  AC_GNU_SOURCE
>  AC_CHECK_FUNCS([secure_getenv])
>  
> +AC_GNU_SOURCE
> +AC_CHECK_FUNCS([issetugid])

There is no need to repeat AC_GNU_SOURCE.

Andreas.

Matija Skala April 26, 2018, 5:13 a.m. UTC | #2

Dne sreda, 25. april 2018 ob 19:53:08 CEST je Andreas Schwab napisal(a):
> On Apr 25 2018, Matija Skala <mskala@gmx.com> wrote:
> > diff --git a/libvtv/configure.ac b/libvtv/configure.ac
> > index ba3009ee3fb..878ba02a2e2 100644
> > --- a/libvtv/configure.ac
> > +++ b/libvtv/configure.ac
> > @@ -115,6 +115,9 @@ AC_CHECK_FUNCS([__secure_getenv])
> > 
> >  AC_GNU_SOURCE
> >  AC_CHECK_FUNCS([secure_getenv])
> > 
> > +AC_GNU_SOURCE
> > +AC_CHECK_FUNCS([issetugid])
> 
> There is no need to repeat AC_GNU_SOURCE.
> 
> Andreas.

Thanks for pointing this out. There was already one repetition which confused me.

---
 libvtv/configure.ac | 3 ++-
 libvtv/vtv_utils.cc | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/libvtv/configure.ac b/libvtv/configure.ac
index ba3009ee3fb..4d8cda9adaf 100644
--- a/libvtv/configure.ac
+++ b/libvtv/configure.ac
@@ -112,9 +112,10 @@ AC_SUBST(toolexeclibdir)
 AC_GNU_SOURCE
 AC_CHECK_FUNCS([__secure_getenv])
 
-AC_GNU_SOURCE
 AC_CHECK_FUNCS([secure_getenv])
 
+AC_CHECK_FUNCS([issetugid])
+
 AC_CHECK_FUNCS([getexecname __fortify_fail])
 
 # Check for programs.
diff --git a/libvtv/vtv_utils.cc b/libvtv/vtv_utils.cc
index 1e41ced4473..10efee987d4 100644
--- a/libvtv/vtv_utils.cc
+++ b/libvtv/vtv_utils.cc
@@ -46,6 +46,8 @@
 #ifndef HAVE_SECURE_GETENV
 #  ifdef HAVE___SECURE_GETENV
 #    define secure_getenv __secure_getenv
+#  elif defined HAVE_ISSETUGID
+#    define secure_getenv(name) (issetugid() ? NULL : getenv(name))
 #  else
 #    define secure_getenv getenv
 #  endif

diff --git a/libvtv/configure.ac b/libvtv/configure.ac
index ba3009ee3fb..878ba02a2e2 100644
--- a/libvtv/configure.ac
+++ b/libvtv/configure.ac
@@ -115,6 +115,9 @@  AC_CHECK_FUNCS([__secure_getenv])
 AC_GNU_SOURCE
 AC_CHECK_FUNCS([secure_getenv])
 
+AC_GNU_SOURCE
+AC_CHECK_FUNCS([issetugid])
+
 AC_CHECK_FUNCS([getexecname __fortify_fail])
 
 # Check for programs.
diff --git a/libvtv/vtv_utils.cc b/libvtv/vtv_utils.cc
index 1e41ced4473..10efee987d4 100644
--- a/libvtv/vtv_utils.cc
+++ b/libvtv/vtv_utils.cc
@@ -46,6 +46,8 @@ 
 #ifndef HAVE_SECURE_GETENV
 #  ifdef HAVE___SECURE_GETENV
 #    define secure_getenv __secure_getenv
+#  elif defined HAVE_ISSETUGID
+#    define secure_getenv(name) (issetugid() ? NULL : getenv(name))
 #  else
 #    define secure_getenv getenv
 #  endif

Try to use issetugid before falling back to insecure getenv

Commit Message

Comments

Patch