Use secure_getenv in client and mechglue modulegetenv

proxymehc.so may be used in setuid binaries so follow best security practices and use secure_getenv() if available. Fallback to poorman emulation when secure_getenv() is not available. Resolves: https://fedorahosted.org/gss-proxy/ticket/110
author: Simo Sorce <simo@redhat.com> 2013-11-20 11:58:22 -0500
committer: Simo Sorce <simo@redhat.com> 2013-11-20 12:03:29 -0500
commit: 30ce3354ed3300721ddf8de069b0647b55e718e6 (patch)
tree: aecdfbc9cec2f04f10fc2a96c129595bc1b8f68b /proxy/src/gp_util.c
parent: 9824bec3a9fc14a527a4febd60a730f6deee0918 (diff)
download: gss-proxy-getenv.tar.gz
gss-proxy-getenv.tar.xz
gss-proxy-getenv.zip
1 files changed, 20 insertions, 0 deletions
diff --git a/proxy/src/gp_util.c b/proxy/src/gp_util.c
index 8400da1..a6c870f 100644
--- a/proxy/src/gp_util.c
+++ b/proxy/src/gp_util.c
@@ -23,8 +23,10 @@
    DEALINGS IN THE SOFTWARE.
 */
 
+#include "config.h"
 #include <stdbool.h>
 #include <string.h>
+#include <stdlib.h>
 
 bool gp_same(const char *a, const char *b)
 {
@@ -46,3 +48,21 @@ bool gp_boolean_is_true(const char *s)
 
     return false;
 }
+
+char *gp_getenv(const char *name)
+{
+#if HAVE_SECURE_GETENV
+    return secure_getenv(name);
+#elif HAVE___SECURE_GETENV
+    return __secure_getenv(name);
+#else
+#include <unistd.h>
+#include <sys/types.h>
+#warning secure_getenv not available, falling back to poorman emulation
+    if ((getuid() == geteuid()) &&
+        (getgid() == getegid())) {
+        return getenv(name);
+    }
+    return NULL;
+#endif
+}
author	Simo Sorce <simo@redhat.com>	2013-11-20 11:58:22 -0500
committer	Simo Sorce <simo@redhat.com>	2013-11-20 12:03:29 -0500
commit	30ce3354ed3300721ddf8de069b0647b55e718e6 (patch)
tree	aecdfbc9cec2f04f10fc2a96c129595bc1b8f68b /proxy/src/gp_util.c
parent	9824bec3a9fc14a527a4febd60a730f6deee0918 (diff)
download	gss-proxy-getenv.tar.gz gss-proxy-getenv.tar.xz gss-proxy-getenv.zip