Commit | Line | Data |
---|---|---|
2d8adcbd MM |
1 | /* Look up an environment variable, returning NULL in insecure situations. |
2 | ||
3 | Copyright 2013-2016 Free Software Foundation, Inc. | |
4 | ||
5 | This program is free software: you can redistribute it and/or modify it | |
6 | under the terms of the GNU General Public License as published | |
7 | by the Free Software Foundation; either version 3 of the License, or | |
8 | (at your option) any later version. | |
9 | ||
10 | This program is distributed in the hope that it will be useful, | |
11 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
13 | General Public License for more details. | |
14 | ||
15 | You should have received a copy of the GNU General Public License | |
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. */ | |
17 | ||
18 | #include <config.h> | |
19 | ||
20 | #include <stdlib.h> | |
21 | ||
22 | #if !HAVE___SECURE_GETENV | |
23 | # if HAVE_ISSETUGID || (HAVE_GETUID && HAVE_GETEUID && HAVE_GETGID && HAVE_GETEGID) | |
24 | # include <unistd.h> | |
25 | # endif | |
26 | #endif | |
27 | ||
/* Return the value of the environment variable NAME, or NULL if NAME is
   unset or if the process is running in a context where the environment
   must not be trusted (for example a set-user-ID or set-group-ID program,
   whose environment is chosen by the less privileged invoker).

   Exactly one of the branches below is compiled in, selected by the
   configure-time HAVE_* results.  The branches are tried in order of
   preference, and the last one fails closed.  */
char *
secure_getenv (char const *name)
{
#if HAVE___SECURE_GETENV /* glibc */
  /* The C library provides its own check; defer to it entirely.  */
  return __secure_getenv (name);
#elif HAVE_ISSETUGID /* OS X, FreeBSD, NetBSD, OpenBSD */
  /* issetugid () is nonzero when the system regards the process as
     tainted by a uid/gid change, so the environment is ignored then.  */
  return issetugid () ? NULL : getenv (name);
#elif HAVE_GETUID && HAVE_GETEUID && HAVE_GETGID && HAVE_GETEGID /* other Unix */
  /* Weakest heuristic: only the IDs as they are at the time of the call
     are compared.  A process that has already made its real and
     effective IDs equal is not detected by this test.  */
  int ids_match = geteuid () == getuid () && getegid () == getgid ();
  return ids_match ? getenv (name) : NULL;
#elif (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__ /* native Windows */
  /* Native Windows has no notion of setuid or setgid binaries:
     - A program started as a system service has high privileges, but it
       does not inherit environment variables from a user.
     - A program started by a user through "Run as Administrator" has high
       privileges and does use the user's environment variables, but the
       user was asked to agree to the elevation.
     - A program started by a user without "Run as Administrator" cannot
       gain high privileges, so there is no risk.  */
  return getenv (name);
#else
  /* No way to tell whether the environment is trustworthy on this
     platform, so treat every situation as insecure.  */
  return NULL;
#endif
}