mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-21 22:03:49 +03:00
Add helpers for getting env vars in a setuid environment
Care must be taken accessing env variables when running setuid. Introduce a virGetEnvAllowSUID for env vars which are safe to use in a setuid environment, and another virGetEnvBlockSUID for vars which are not safe. Also add a virIsSUID helper method for any other non-env var code to use. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
parent
57687fd6bf
commit
ae53e5d10e
@ -93,6 +93,7 @@ recv
|
||||
regex
|
||||
random_r
|
||||
sched
|
||||
secure_getenv
|
||||
send
|
||||
setenv
|
||||
setsockopt
|
||||
|
@ -1859,6 +1859,8 @@ virFindFCHostCapableVport;
|
||||
virFormatIntDecimal;
|
||||
virGetDeviceID;
|
||||
virGetDeviceUnprivSGIO;
|
||||
virGetEnvAllowSUID;
|
||||
virGetEnvBlockSUID;
|
||||
virGetFCHostNameByWWN;
|
||||
virGetGroupID;
|
||||
virGetGroupList;
|
||||
@ -1877,6 +1879,7 @@ virIndexToDiskName;
|
||||
virIsCapableFCHost;
|
||||
virIsCapableVport;
|
||||
virIsDevMapperDevice;
|
||||
virIsSUID;
|
||||
virManageVport;
|
||||
virParseNumber;
|
||||
virParseOwnershipIds;
|
||||
|
@ -2131,3 +2131,42 @@ cleanup:
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* virGetEnvBlockSUID:
|
||||
* @name: the environment variable name
|
||||
*
|
||||
* Obtain an environment variable which is unsafe to
|
||||
* use when running setuid. If running setuid, a NULL
|
||||
* value will be returned
|
||||
*/
|
||||
const char *virGetEnvBlockSUID(const char *name)
|
||||
{
|
||||
return secure_getenv(name);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* virGetEnvBlockSUID:
|
||||
* @name: the environment variable name
|
||||
*
|
||||
* Obtain an environment variable which is safe to
|
||||
* use when running setuid. The value will be returned
|
||||
* even when running setuid
|
||||
*/
|
||||
const char *virGetEnvAllowSUID(const char *name)
|
||||
{
|
||||
return getenv(name);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* virIsSUID:
|
||||
* Return a true value if running setuid. Does not
|
||||
* check for elevated capabilities bits.
|
||||
*/
|
||||
bool virIsSUID(void)
|
||||
{
|
||||
return getuid() != geteuid();
|
||||
}
|
||||
|
@ -172,4 +172,8 @@ int virCompareLimitUlong(unsigned long long a, unsigned long long b);
|
||||
|
||||
int virParseOwnershipIds(const char *label, uid_t *uidPtr, gid_t *gidPtr);
|
||||
|
||||
const char *virGetEnvBlockSUID(const char *name);
|
||||
const char *virGetEnvAllowSUID(const char *name);
|
||||
bool virIsSUID(void);
|
||||
|
||||
#endif /* __VIR_UTIL_H__ */
|
||||
|
Loading…
x
Reference in New Issue
Block a user