This is the mail archive of the cygwin-patches mailing list for the Cygwin project.



Re: [PATCH] Cygwin: add secure_getenv


On Feb 18 23:09, Yaakov Selkowitz wrote:
> Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
> ---
> This is being used more frequently.  Since we don't have Linux capabilities,
> setuid/setgid is the only condition we have to check.

I'm not sure this is right.  The Linux man page claims

"Secure execution is required if one of the following conditions was
 true when the program run by the calling process was loaded: [...]"

Do we ever have this situation?  We don't have any capability to make
real and effective user ID different at process startup.  But from that
description it seems secure_getenv does not trigger secure mode if the
process calls seteuid() or setreuid() later in the process.

I ran this STC as root under Linux:

# cat > sec-getenv-test.c <<EOF
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

int main ()
{
  char *env;

  env = secure_getenv ("HOME");
  printf ("vor seteuid: HOME=%p <%s>\n", env, env ?: "");
  if (seteuid (74) < 0)
    printf ("seteuid: %d <%s>\n", errno, strerror (errno));
  else
    {
      env = secure_getenv ("HOME");
      printf ("nach seteuid: HOME=%p <%s>\n", env, env ?: "");
    }
  return 0;
}
EOF
# gcc -g -o sec-getenv-test sec-getenv-test.c
# ./sec-getenv-test
vor seteuid: HOME=0x7fff17a04ea2 </root>
nach seteuid: HOME=0x7fff17a04ea2 </root>


Corinna

-- 
Corinna Vinschen
Cygwin Maintainer
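
The distinction raised in the message above, as an added example that is not part of the original mail and is neither glibc nor Cygwin code: it reads the load-time `AT_SECURE` flag with `getauxval()` and compares `secure_getenv()` with a hypothetical check that compares IDs at call time. The names `calltime_getenv`, `probe_secure_getenv` and the variable `SGE_DEMO` are constructed for illustration; Linux with glibc or musl is assumed.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sys/auxv.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical contrast, not glibc or Cygwin code: decides at *call* time. */
static char *calltime_getenv(const char *name)
{
    if (getuid() != geteuid() || getgid() != getegid())
        return NULL;
    return getenv(name);
}

struct probe {
    int at_secure;                   /* AT_SECURE, fixed by the kernel at exec time */
    int euid_changed;                /* 1 if seteuid() to a different uid succeeded */
    char *libc_before, *libc_after;  /* secure_getenv() around the seteuid() call */
    char *calltime_after;            /* call-time check after the seteuid() call */
};

/* Sets a constructed variable, then tries to change the effective uid. */
static struct probe probe_secure_getenv(uid_t target)
{
    struct probe p = {0};
    uid_t saved = geteuid();

    setenv("SGE_DEMO", "constructed-value", 1);
    p.at_secure = getauxval(AT_SECURE) != 0;
    p.libc_before = secure_getenv("SGE_DEMO");
    if (seteuid(target) == 0 && geteuid() != getuid())
        p.euid_changed = 1;
    p.libc_after = secure_getenv("SGE_DEMO");
    p.calltime_after = calltime_getenv("SGE_DEMO");
    if (p.euid_changed && seteuid(saved) != 0)
        abort();                     /* could not restore the original euid */
    return p;
}

int main(void)
{
    struct probe p = probe_secure_getenv(74);  /* 74: the uid used in the mail */
    printf("AT_SECURE=%d euid_changed=%d\n", p.at_secure, p.euid_changed);
    printf("secure_getenv before/after: %s / %s\n",
           p.libc_before ? p.libc_before : "(null)",
           p.libc_after ? p.libc_after : "(null)");
    printf("call-time check after: %s\n",
           p.calltime_after ? p.calltime_after : "(null)");
    return 0;
}
```

Run as root on Linux, the call-time check returns NULL after `seteuid()` while `secure_getenv()` still returns the value, which matches the output shown in the mail; run unprivileged, `seteuid(74)` fails and both agree.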
