Add helpers for getting env vars in a setuid environment

Care must be taken accessing env variables when running setuid. Introduce a virGetEnvAllowSUID for env vars which are safe to use in a setuid environment, and another virGetEnvBlockSUID for vars which are not safe. Also add a virIsSUID helper method for any other non-env var code to use. Signed-off-by: N Daniel P. Berrange <berrange@redhat.com> (cherry picked from commit ae53e5d1)

Add helpers for getting env vars in a setuid environment
Care must be taken accessing env variables when running setuid. Introduce a virGetEnvAllowSUID for env vars which are safe to use in a setuid environment, and another virGetEnvBlockSUID for vars which are not safe. Also add a virIsSUID helper method for any other non-env var code to use. Signed-off-by: N Daniel P. Berrange <berrange@redhat.com> (cherry picked from commit ae53e5d1)
25ebb2f8 · Daniel P. Berrange · 1adbe4fa · 25ebb2f8 · 25ebb2f8 · 25ebb2f8
Showing with 47 addition and 0 deletion

bootstrap.conf bootstrap.conf +1 -0

src/libvirt_private.syms src/libvirt_private.syms +3 -0

src/util/virutil.c src/util/virutil.c +39 -0

src/util/virutil.h src/util/virutil.h +4 -0

未找到文件。
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -93,6 +93,7 @@ recv
 regex
 random_r
 sched
+secure_getenv
 send
 setenv
 setsockopt

--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2051,6 +2051,8 @@ virFindFCHostCapableVport;
 virFormatIntDecimal;
 virGetDeviceID;
 virGetDeviceUnprivSGIO;
+virGetEnvAllowSUID;
+virGetEnvBlockSUID;
 virGetFCHostNameByWWN;
 virGetGroupID;
 virGetGroupList;
@@ -2069,6 +2071,7 @@ virIndexToDiskName;
 virIsCapableFCHost;
 virIsCapableVport;
 virIsDevMapperDevice;
+virIsSUID;
 virManageVport;
 virParseNumber;
 virParseOwnershipIds;

--- a/src/util/virutil.c
+++ b/src/util/virutil.c
@@ -2128,3 +2128,42 @@ cleanup:
    return rc;
 }
+/**
+ * virGetEnvBlockSUID:
+ * @name: the environment variable name
+ *
+ * Obtain an environment variable which is unsafe to
+ * use when running setuid. If running setuid, a NULL
+ * value will be returned
+ */
+const char *virGetEnvBlockSUID(const char *name)
+{
+    return secure_getenv(name);
+}
+/**
+ * virGetEnvBlockSUID:
+ * @name: the environment variable name
+ *
+ * Obtain an environment variable which is safe to
+ * use when running setuid. The value will be returned
+ * even when running setuid
+ */
+const char *virGetEnvAllowSUID(const char *name)
+{
+    return getenv(name);
+}
+/**
+ * virIsSUID:
+ * Return a true value if running setuid. Does not
+ * check for elevated capabilities bits.
+ */
+bool virIsSUID(void)
+{
+    return getuid() != geteuid();
+}
--- a/src/util/virutil.h
+++ b/src/util/virutil.h
@@ -172,4 +172,8 @@ int virCompareLimitUlong(unsigned long long a, unsigned long b);
 int virParseOwnershipIds(const char *label, uid_t *uidPtr, gid_t *gidPtr);
+const char *virGetEnvBlockSUID(const char *name);
+const char *virGetEnvAllowSUID(const char *name);
+bool virIsSUID(void);
 #endif /* __VIR_UTIL_H__ */