[PATCH] Cygwin: add secure_getenv

Corinna Vinschen corinna-cygwin@cygwin.com
Tue Feb 19 11:43:00 GMT 2019


On Feb 18 23:09, Yaakov Selkowitz wrote:
> Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
> ---
> This is being used more frequently.  Since we don't have Linux capabilities,
> setuid/setgid is the only condition we have to check.

I'm not sure this is right.  The Linux man page claims

"Secure execution is required if one of the following conditions was
 true when the program run by the calling process was loaded: [...]"

Do we ever have this situation?  We don't have any capability to make
real and effective user ID different at process startup.  But from that
description it seems secure_getenv does not trigger secure mode if the
process calls seteuid() or setreuid() later in the process.

I ran this STC as root under Linux:

# cat > sec-getenv-test.c <<EOF
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

int main ()
{
  char *env;

  env = secure_getenv ("HOME");
  printf ("vor seteuid: HOME=%p <%s>\n", env, env ?: "");
  if (seteuid (74) < 0)
    printf ("seteuid: %d <%s>\n", errno, strerror (errno));
  else
    {
      env = secure_getenv ("HOME");
      printf ("nach seteuid: HOME=%p <%s>\n", env, env ?: "");
    }
  return 0;
}
EOF
# gcc -g -o sec-getenv-test sec-getenv-test.c
# ./sec-getenv-test
vor seteuid: HOME=0x7fff17a04ea2 </root>
nach seteuid: HOME=0x7fff17a04ea2 </root>


Corinna

-- 
Corinna Vinschen
Cygwin Maintainer
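
Added example, not part of the original message or of the Cygwin patch: a small C program contrasting a load-time check (the AT_SECURE auxiliary-vector flag the kernel sets at execve() on Linux) with a call-time comparison of real and effective IDs. The helper names getenv_load_time and getenv_strict are hypothetical, and the code assumes Linux with glibc's getauxval().

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sys/auxv.h>
#include <sys/types.h>
#include <unistd.h>

/* Load-time view: the kernel fills in AT_SECURE once, at execve(), so
   later seteuid()/setreuid() calls cannot change it. */
static int secure_at_load(void)
{
  return getauxval(AT_SECURE) != 0;
}

/* Call-time view: compares real and effective IDs as they are now. */
static int ids_differ_now(void)
{
  return getuid() != geteuid() || getgid() != getegid();
}

/* Hypothetical helper: gate getenv() on the load-time flag only. */
static char *getenv_load_time(const char *name)
{
  return secure_at_load() ? NULL : getenv(name);
}

/* Hypothetical helper: also refuse once the IDs have diverged. */
static char *getenv_strict(const char *name)
{
  return (secure_at_load() || ids_differ_now()) ? NULL : getenv(name);
}

static void report(const char *when)
{
  const char *a = getenv_load_time("HOME"), *b = getenv_strict("HOME");
  printf("%s: AT_SECURE=%d ids_differ=%d load_time=<%s> strict=<%s>\n",
         when, secure_at_load(), ids_differ_now(), a ? a : "", b ? b : "");
}

int main(void)
{
  report("before seteuid");
  /* 74 is the uid from the test case above; only root can switch to it. */
  if (geteuid() == 0 && seteuid(74) == 0)
    report("after seteuid");
  return 0;
}
```

Run as root, the second report shows ids_differ=1 while AT_SECURE stays 0, so only the strict helper stops returning HOME.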