External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-12-22 05:35:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add helpers for getting env vars in a setuid environment

Browse Source 
Care must be taken accessing env variables when running
setuid. Introduce a virGetEnvAllowSUID for env vars which
are safe to use in a setuid environment, and another
virGetEnvBlockSUID for vars which are not safe. Also add
a virIsSUID helper method for any other non-env var code
to use.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrange 2013-10-09 10:52:39 +01:00
parent 57687fd6bf
commit ae53e5d10e
4 changed files with 47 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
bootstrap.conf
View File

@ -93,6 +93,7 @@ recv
regex
random_r
sched
secure_getenv
send
setenv
setsockopt

3
src/libvirt_private.syms
View File

@ -1859,6 +1859,8 @@ virFindFCHostCapableVport;
virFormatIntDecimal;
virGetDeviceID;
virGetDeviceUnprivSGIO;
virGetEnvAllowSUID;
virGetEnvBlockSUID;
virGetFCHostNameByWWN;
virGetGroupID;
virGetGroupList;
@ -1877,6 +1879,7 @@ virIndexToDiskName;
virIsCapableFCHost;
virIsCapableVport;
virIsDevMapperDevice;
virIsSUID;
virManageVport;
virParseNumber;
virParseOwnershipIds;

39
src/util/virutil.c
View File

@ -2131,3 +2131,42 @@ cleanup:
return rc;
}
/**
* virGetEnvBlockSUID:
* @name: the environment variable name
*
* Obtain an environment variable which is unsafe to
* use when running setuid. If running setuid, a NULL
* value will be returned
*/
const char *virGetEnvBlockSUID(const char *name)
{
return secure_getenv(name);
}
/**
* virGetEnvBlockSUID:
* @name: the environment variable name
*
* Obtain an environment variable which is safe to
* use when running setuid. The value will be returned
* even when running setuid
*/
const char *virGetEnvAllowSUID(const char *name)
{
return getenv(name);
}
/**
* virIsSUID:
* Return a true value if running setuid. Does not
* check for elevated capabilities bits.
*/
bool virIsSUID(void)
{
return getuid() != geteuid();
}

4
src/util/virutil.h
View File

@ -172,4 +172,8 @@ int virCompareLimitUlong(unsigned long long a, unsigned long long b);
int virParseOwnershipIds(const char *label, uid_t *uidPtr, gid_t *gidPtr);
const char *virGetEnvBlockSUID(const char *name);
const char *virGetEnvAllowSUID(const char *name);
bool virIsSUID(void);
#endif /* __VIR_UTIL_H__ */