Add helpers for getting env vars in a setuid environment

Care must be taken accessing env variables when running setuid. Introduce a virGetEnvAllowSUID for env vars which are safe to use in a setuid environment, and another virGetEnvBlockSUID for vars which are not safe. Also add a virIsSUID helper method for any other non-env var code to use. Signed-off-by: N Daniel P. Berrange <berrange@redhat.com>

Add helpers for getting env vars in a setuid environment
Care must be taken accessing env variables when running setuid. Introduce a virGetEnvAllowSUID for env vars which are safe to use in a setuid environment, and another virGetEnvBlockSUID for vars which are not safe. Also add a virIsSUID helper method for any other non-env var code to use. Signed-off-by: N Daniel P. Berrange <berrange@redhat.com>
ae53e5d1 · Daniel P. Berrange · 57687fd6 · ae53e5d1 · ae53e5d1 · ae53e5d1
Showing with 47 addition and 0 deletion

bootstrap.conf bootstrap.conf +1 -0

src/libvirt_private.syms src/libvirt_private.syms +3 -0

src/util/virutil.c src/util/virutil.c +39 -0

src/util/virutil.h src/util/virutil.h +4 -0

未找到文件。
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -93,6 +93,7 @@ recv
 regex
 random_r
 sched
+secure_getenv
 send
 setenv
 setsockopt

--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1859,6 +1859,8 @@ virFindFCHostCapableVport;
 virFormatIntDecimal;
 virGetDeviceID;
 virGetDeviceUnprivSGIO;
+virGetEnvAllowSUID;
+virGetEnvBlockSUID;
 virGetFCHostNameByWWN;
 virGetGroupID;
 virGetGroupList;
@@ -1877,6 +1879,7 @@ virIndexToDiskName;
 virIsCapableFCHost;
 virIsCapableVport;
 virIsDevMapperDevice;
+virIsSUID;
 virManageVport;
 virParseNumber;
 virParseOwnershipIds;

--- a/src/util/virutil.c
+++ b/src/util/virutil.c
@@ -2131,3 +2131,42 @@ cleanup:

    return rc;
 }
+
+
+/**
+ * virGetEnvBlockSUID:
+ * @name: the environment variable name
+ *
+ * Obtain an environment variable which is unsafe to
+ * use when running setuid. If running setuid, a NULL
+ * value will be returned
+ */
+const char *virGetEnvBlockSUID(const char *name)
+{
+    return secure_getenv(name);
+}
+
+
+/**
+ * virGetEnvBlockSUID:
+ * @name: the environment variable name
+ *
+ * Obtain an environment variable which is safe to
+ * use when running setuid. The value will be returned
+ * even when running setuid
+ */
+const char *virGetEnvAllowSUID(const char *name)
+{
+    return getenv(name);
+}
+
+
+/**
+ * virIsSUID:
+ * Return a true value if running setuid. Does not
+ * check for elevated capabilities bits.
+ */
+bool virIsSUID(void)
+{
+    return getuid() != geteuid();
+}
--- a/src/util/virutil.h
+++ b/src/util/virutil.h
@@ -172,4 +172,8 @@ int virCompareLimitUlong(unsigned long long a, unsigned long long b);

 int virParseOwnershipIds(const char *label, uid_t *uidPtr, gid_t *gidPtr);

+const char *virGetEnvBlockSUID(const char *name);
+const char *virGetEnvAllowSUID(const char *name);
+bool virIsSUID(void);
+
 #endif /* __VIR_UTIL_H__ */