+2005-03-31 Theodore Ts'o <tytso@mit.edu>
+
+ * configure.in: Add tests for __secure_getenv(), prctl(),
+ and sys/prctl.h
+
2005-03-21 Theodore Ts'o <tytso@mit.edu>
* Release of E2fsprogs 1.37
-for ac_header in stdlib.h unistd.h stdarg.h stdint.h errno.h malloc.h mntent.h paths.h dirent.h getopt.h setjmp.h signal.h termios.h linux/fd.h linux/major.h sys/disklabel.h sys/ioctl.h sys/mkdev.h sys/queue.h sys/sockio.h sys/socket.h sys/sysmacros.h sys/time.h sys/stat.h sys/types.h sys/wait.h sys/resource.h net/if_dl.h netinet/in.h
+
+for ac_header in stdlib.h unistd.h stdarg.h stdint.h errno.h malloc.h mntent.h paths.h dirent.h getopt.h setjmp.h signal.h termios.h linux/fd.h linux/major.h sys/disklabel.h sys/ioctl.h sys/mkdev.h sys/prctl.h sys/queue.h sys/sockio.h sys/socket.h sys/sysmacros.h sys/time.h sys/stat.h sys/types.h sys/wait.h sys/resource.h net/if_dl.h netinet/in.h
do
as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
if eval "test \"\${$as_ac_Header+set}\" = set"; then
-for ac_func in chflags getrusage llseek lseek64 open64 getmntinfo strtoull strcasecmp srandom fchown mallinfo fdatasync strnlen strptime sysconf pathconf posix_memalign memalign valloc
+
+
+for ac_func in chflags getrusage llseek lseek64 open64 getmntinfo strtoull strcasecmp srandom fchown mallinfo fdatasync strnlen strptime sysconf pathconf posix_memalign memalign valloc __secure_getenv prctl
do
as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
echo "$as_me:$LINENO: checking for $ac_func" >&5
else
AC_CHECK_PROGS(BUILD_CC, gcc cc)
fi
-AC_CHECK_HEADERS(stdlib.h unistd.h stdarg.h stdint.h errno.h malloc.h mntent.h paths.h dirent.h getopt.h setjmp.h signal.h termios.h linux/fd.h linux/major.h sys/disklabel.h sys/ioctl.h sys/mkdev.h sys/queue.h sys/sockio.h sys/socket.h sys/sysmacros.h sys/time.h sys/stat.h sys/types.h sys/wait.h sys/resource.h net/if_dl.h netinet/in.h)
+AC_CHECK_HEADERS(stdlib.h unistd.h stdarg.h stdint.h errno.h malloc.h mntent.h paths.h dirent.h getopt.h setjmp.h signal.h termios.h linux/fd.h linux/major.h sys/disklabel.h sys/ioctl.h sys/mkdev.h sys/prctl.h sys/queue.h sys/sockio.h sys/socket.h sys/sysmacros.h sys/time.h sys/stat.h sys/types.h sys/wait.h sys/resource.h net/if_dl.h netinet/in.h)
AC_CHECK_HEADERS(sys/disk.h sys/mount.h,,,
[[
#if HAVE_SYS_QUEUE_H
[#include <sys/types.h>
#include <sys/socket.h>])
dnl
-AC_CHECK_FUNCS(chflags getrusage llseek lseek64 open64 getmntinfo strtoull strcasecmp srandom fchown mallinfo fdatasync strnlen strptime sysconf pathconf posix_memalign memalign valloc)
+AC_CHECK_FUNCS(chflags getrusage llseek lseek64 open64 getmntinfo strtoull strcasecmp srandom fchown mallinfo fdatasync strnlen strptime sysconf pathconf posix_memalign memalign valloc __secure_getenv prctl)
dnl
dnl Check to see if -lsocket is required (solaris) to make something
dnl that uses socket() to compile; this is needed for the UUID library
+2005-03-31 Theodore Ts'o <tytso@mit.edu>
+
+ * cache.c (blkid_get_cache): Use a much more paranoid
+ safe_getenv() function which will ignore the BLKID_FILE
+ environment varaible if the application program is setgid
+ or on a Linux system, if kernel doesn't think the process
+ is eligible to create a core dump. Also if glibc has
+ __secure_getenv(), then use it.
+
2005-03-21 Theodore Ts'o <tytso@mit.edu>
* Release of E2fsprogs 1.37
* %End-Header%
*/
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_ERRNO_H
+#include <errno.h>
+#endif
#include <stdlib.h>
#include <string.h>
+#ifdef HAVE_SYS_PRCTL_H
+#include <sys/prctl.h>
+#else
+#define PR_GET_DUMPABLE 3
+#endif
+#if (!defined(HAVE_PRCTL) && defined(linux))
+#include <sys/syscall.h>
+#endif
#include "blkidP.h"
int blkid_debug_mask = 0;
+
+static char *safe_getenv(const char *arg)
+{
+ if ((getuid() != geteuid()) || (getgid() != getgid()))
+ return NULL;
+#if HAVE_PRCTL
+ if (prctl(PR_GET_DUMPABLE) == 0)
+ return NULL;
+#else
+#if (defined(linux) && defined(SYS_prctl))
+ if (syscall(SYS_prctl, PR_GET_DUMPABLE) == 0)
+ return NULL;
+#endif
+#endif
+
+#ifdef HAVE___SECURE_GETENV
+ return __secure_getenv("BLKID_FILE");
+#else
+ return getenv("BLKID_FILE");
+#endif
+}
+
int blkid_get_cache(blkid_cache *ret_cache, const char *filename)
{
blkid_cache cache;
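Review bot: The setgid half of the guard in safe_getenv() can never fire, because `getgid() != getgid()` compares the real group id with itself. The ChangeLog entry says BLKID_FILE should be ignored when the program is setgid, so the line should read `if ((getuid() != geteuid()) || (getgid() != getegid()))`. The same line appears in the copies added to test_io.c and pager.c (ss_safe_getenv). Separately, `prctl(PR_GET_DUMPABLE) == 0` treats a failed call (-1) the same as "dumpable", so on a kernel that rejects the option the check passes silently; if that fail-open behaviour is intended for old kernels, a comment saying so would help.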
if (filename && !strlen(filename))
filename = 0;
- if (!filename && (getuid() == geteuid()))
- filename = getenv("BLKID_FILE");
+ if (!filename)
+ filename = safe_getenv("BLKID_FILE");
if (!filename)
filename = BLKID_CACHE_FILE;
cache->bic_filename = blkid_strdup(filename);
+2005-03-31 Theodore Ts'o <tytso@mit.edu>
+
+ * test_io.c (test_open): If called by a setuid/setgid or an
+ otherwise privileged program, be paranoid and ignore the
+ TEST_IO_* environment variables.
+
2005-03-21 Theodore Ts'o <tytso@mit.edu>
* Release of E2fsprogs 1.37
#if HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
+#ifdef HAVE_SYS_PRCTL_H
+#include <sys/prctl.h>
+#else
+#define PR_GET_DUMPABLE 3
+#endif
+#if (!defined(HAVE_PRCTL) && defined(linux))
+#include <sys/syscall.h>
+#endif
#include "ext2_fs.h"
#include "ext2fs.h"
abort();
}
+static char *safe_getenv(const char *arg)
+{
+ if ((getuid() != geteuid()) || (getgid() != getgid()))
+ return NULL;
+#if HAVE_PRCTL
+ if (prctl(PR_GET_DUMPABLE) == 0)
+ return NULL;
+#else
+#if (defined(linux) && defined(SYS_prctl))
+ if (syscall(SYS_prctl, PR_GET_DUMPABLE) == 0)
+ return NULL;
+#endif
+#endif
+
+#ifdef HAVE___SECURE_GETENV
+ return __secure_getenv("BLKID_FILE");
+#else
+ return getenv("BLKID_FILE");
+#endif
+}
+
static errcode_t test_open(const char *name, int flags, io_channel *channel)
{
io_channel io = NULL;
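Review bot: safe_getenv() never uses its `arg` parameter; both return paths look up the literal "BLKID_FILE", so every caller in this file gets the value of BLKID_FILE regardless of the name it asked for. In test_open() that means TEST_IO_LOGFILE, TEST_IO_FLAGS, TEST_IO_BLOCK, TEST_IO_READ_ABORT and TEST_IO_WRITE_ABORT are no longer read at all, and whatever BLKID_FILE holds is handed to `fopen(value, "w")` and `strtoul()`. The returns should be `return __secure_getenv(arg);` and `return getenv(arg);`. ss_safe_getenv() in pager.c has the same hard-coded name, which affects the PAGER and SS_READLINE_PATH lookups; the cache.c copy hard-codes it too and only works because its single caller asks for BLKID_FILE.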
data->write_byte = test_io_cb_write_byte;
data->outfile = NULL;
- if ((value = getenv("TEST_IO_LOGFILE")) != NULL)
+ if ((value = safe_getenv("TEST_IO_LOGFILE")) != NULL)
data->outfile = fopen(value, "w");
if (!data->outfile)
data->outfile = stderr;
data->flags = 0;
- if ((value = getenv("TEST_IO_FLAGS")) != NULL)
+ if ((value = safe_getenv("TEST_IO_FLAGS")) != NULL)
data->flags = strtoul(value, NULL, 0);
data->block = 0;
- if ((value = getenv("TEST_IO_BLOCK")) != NULL)
+ if ((value = safe_getenv("TEST_IO_BLOCK")) != NULL)
data->block = strtoul(value, NULL, 0);
data->read_abort_count = 0;
- if ((value = getenv("TEST_IO_READ_ABORT")) != NULL)
+ if ((value = safe_getenv("TEST_IO_READ_ABORT")) != NULL)
data->read_abort_count = strtoul(value, NULL, 0);
data->write_abort_count = 0;
- if ((value = getenv("TEST_IO_WRITE_ABORT")) != NULL)
+ if ((value = safe_getenv("TEST_IO_WRITE_ABORT")) != NULL)
data->write_abort_count = strtoul(value, NULL, 0);
*channel = io;
+2005-03-31 Theodore Ts'o <tytso@mit.edu>
+
+ * get_readline.c (ss_get_readline), pager.c (ss_page_stdin): If
+ called by a setuid/setgid or an otherwise privileged
+ program, be paranoid and ignore the PAGER and
+ SS_READLINE_PATH environment variables.
+
2005-03-21 Theodore Ts'o <tytso@mit.edu>
* Release of E2fsprogs 1.37
if (info->readline_handle)
return;
- libpath = getenv("SS_READLINE_PATH");
+ libpath = ss_safe_getenv("SS_READLINE_PATH");
if (!libpath)
libpath = DEFAULT_LIBPATH;
if (*libpath == 0 || !strcmp(libpath, "none"))
#include <sys/types.h>
#include <sys/file.h>
#include <signal.h>
+#ifdef HAVE_SYS_PRCTL_H
+#include <sys/prctl.h>
+#else
+#define PR_GET_DUMPABLE 3
+#endif
+#if (!defined(HAVE_PRCTL) && defined(linux))
+#include <sys/syscall.h>
+#endif
static char MORE[] = "more";
extern char *_ss_pager_name;
extern char *getenv PROTOTYPE((const char *));
+char *ss_safe_getenv(const char *arg)
+{
+ if ((getuid() != geteuid()) || (getgid() != getgid()))
+ return NULL;
+#if HAVE_PRCTL
+ if (prctl(PR_GET_DUMPABLE) == 0)
+ return NULL;
+#else
+#if (defined(linux) && defined(SYS_prctl))
+ if (syscall(SYS_prctl, PR_GET_DUMPABLE) == 0)
+ return NULL;
+#endif
+#endif
+
+#ifdef HAVE___SECURE_GETENV
+ return __secure_getenv("BLKID_FILE");
+#else
+ return getenv("BLKID_FILE");
+#endif
+}
+
/*
* this needs a *lot* of work....
*
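Review bot: ss_safe_getenv() is added as a non-static function and declared in the ss header, but nothing documents when it returns NULL or that callers must fall back to a built-in default. Suggest a comment above the definition such as `/* getenv() wrapper for possibly privileged callers: returns NULL without consulting the environment when real and effective ids differ or the kernel reports the process as not dumpable. */`. It would also be worth noting there that this is a third copy of the helper added to cache.c and test_io.c, so a fix to one needs to be applied to all three.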
sigdelset(&mask, SIGINT);
sigprocmask(SIG_SETMASK, &mask, 0);
if (_ss_pager_name == (char *)NULL) {
- if ((_ss_pager_name = getenv("PAGER")) == (char *)NULL)
+ if ((_ss_pager_name = ss_safe_getenv("PAGER")) == (char *)NULL)
_ss_pager_name = MORE;
}
(void) execlp(_ss_pager_name, _ss_pager_name, (char *) NULL);
void ss_list_requests(int, char const * const *, int, pointer);
int ss_execute_command(int sci_idx, char *argv[]);
int ss_pager_create(void);
+char *ss_safe_getenv(const char *arg);
char **ss_rl_completion(const char *text, int start, int end);
extern ss_data **_ss_table;