diff options
| author | Simo Sorce <simo@redhat.com> | 2013-11-20 11:58:22 -0500 |
|---|---|---|
| committer | Günther Deschner <gdeschner@redhat.com> | 2013-11-21 13:48:25 +0100 |
| commit | 23f4ee4359d10f66e1938ce6b1d92d3cc77865ff (patch) | |
| tree | 407122ce6e24f1a87d5a33d9b4e5dc3cea6b28fb /proxy/src/gp_util.c | |
| parent | a272091dfd568cb96738cc96ea01bbf7f24ee62c (diff) | |
| download | gss-proxy-23f4ee4359d10f66e1938ce6b1d92d3cc77865ff.tar.gz gss-proxy-23f4ee4359d10f66e1938ce6b1d92d3cc77865ff.tar.xz gss-proxy-23f4ee4359d10f66e1938ce6b1d92d3cc77865ff.zip | |
Use secure_getenv in client and mechglue module
proxymehc.so may be used in setuid binaries so follow best security
practices and use secure_getenv() if available.
Fallback to poorman emulation when secure_getenv() is not available.
Resolves: https://fedorahosted.org/gss-proxy/ticket/110
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
Diffstat (limited to 'proxy/src/gp_util.c')
| -rw-r--r-- | proxy/src/gp_util.c | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/proxy/src/gp_util.c b/proxy/src/gp_util.c index 8400da1..a6c870f 100644 --- a/proxy/src/gp_util.c +++ b/proxy/src/gp_util.c @@ -23,8 +23,10 @@ DEALINGS IN THE SOFTWARE. */ +#include "config.h" #include <stdbool.h> #include <string.h> +#include <stdlib.h> bool gp_same(const char *a, const char *b) { @@ -46,3 +48,21 @@ bool gp_boolean_is_true(const char *s) return false; } + +char *gp_getenv(const char *name) +{ +#if HAVE_SECURE_GETENV + return secure_getenv(name); +#elif HAVE___SECURE_GETENV + return __secure_getenv(name); +#else +#include <unistd.h> +#include <sys/types.h> +#warning secure_getenv not available, falling back to poorman emulation + if ((getuid() == geteuid()) && + (getgid() == getegid())) { + return getenv(name); + } + return NULL; +#endif +} |