[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: secure_getenv is broken on FreeBSD.
From: |
Paul Eggert |
Subject: |
Re: secure_getenv is broken on FreeBSD. |
Date: |
Thu, 07 Feb 2013 15:37:14 -0800 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130106 Thunderbird/17.0.2 |
On 02/07/2013 02:28 PM, Mats Erik Andersson wrote:
> * Inetutils with gnulib-f65962 is broken on FreeBSD-9.0
> since "tempname" is making "secure_getenv" mandatory,
> against my will!
Why against your will? Isn't it better for tempname to avoid
insecure usage? But I do see that we can do a better job of this
on FreeBSD, so I pushed the following further patch. I'll try
to follow up on your other comments soon.
>From bac78fc4126870cfc6792048edf7f028d7700593 Mon Sep 17 00:00:00 2001
From: Paul Eggert <address@hidden>
Date: Thu, 7 Feb 2013 15:34:23 -0800
Subject: [PATCH] secure_getenv: port better to FreeBSD and Solaris
* lib/secure_getenv.c [!HAVE___SECURE_GETENV]:
Include unistd.h if HAVE_ISSETUGID, otherwise define a dummy issetugid.
(secure_getenv) [!HAVE___SECURE_GETENV]: Use getenv if not issetugid.
This works better on BSDish platforms.
* m4/secure_getenv.m4 (gl_PREREQ_SECURE_GETENV):
Test for issetugid if __secure_getenv is missing.
---
ChangeLog | 10 ++++++++++
lib/secure_getenv.c | 13 ++++++++++++-
m4/secure_getenv.m4 | 3 +++
3 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index e3fb3bd..4dc8f2c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2013-02-07 Paul Eggert <address@hidden>
+
+ secure_getenv: port better to FreeBSD and Solaris
+ * lib/secure_getenv.c [!HAVE___SECURE_GETENV]:
+ Include unistd.h if HAVE_ISSETUGID, otherwise define a dummy issetugid.
+ (secure_getenv) [!HAVE___SECURE_GETENV]: Use getenv if not issetugid.
+ This works better on BSDish platforms.
+ * m4/secure_getenv.m4 (gl_PREREQ_SECURE_GETENV):
+ Test for issetugid if __secure_getenv is missing.
+
2013-02-06 Paul Eggert <address@hidden>
extensions: port better to MINUX 3, HP-UX, autoheader 2.62
diff --git a/lib/secure_getenv.c b/lib/secure_getenv.c
index 0b91a99..2859522 100644
--- a/lib/secure_getenv.c
+++ b/lib/secure_getenv.c
@@ -17,12 +17,23 @@
#include <stdlib.h>
+#if !HAVE___SECURE_GETENV
+# if HAVE_ISSETUGID
+# include <unistd.h>
+# else
+# undef issetugid
+# define issetugid() 1
+# endif
+#endif
+
char *
secure_getenv (char const *name)
{
#if HAVE___SECURE_GETENV
return __secure_getenv (name);
#else
- return 0;
+ if (issetugid ())
+ return 0;
+ return getenv (name);
#endif
}
diff --git a/m4/secure_getenv.m4 b/m4/secure_getenv.m4
index 1ab5b2d..5da5298 100644
--- a/m4/secure_getenv.m4
+++ b/m4/secure_getenv.m4
@@ -19,4 +19,7 @@ AC_DEFUN([gl_FUNC_SECURE_GETENV],
# Prerequisites of lib/secure_getenv.c.
AC_DEFUN([gl_PREREQ_SECURE_GETENV], [
AC_CHECK_FUNCS([__secure_getenv])
+ if test $ac_cv_func___secure_getenv = no; then
+ AC_CHECK_FUNCS([issetugid])
+ fi
])
--
1.7.11.7