Block all use of getenv with syntax-check

The use of getenv is typically insecure, and we want people to use our wrappers, to force them to think about setuid needs. Signed-off-by: N Daniel P. Berrange <berrange@redhat.com> (cherry picked from commit 71b21f12)

Block all use of getenv with syntax-check
The use of getenv is typically insecure, and we want people to use our wrappers, to force them to think about setuid needs. Signed-off-by: N Daniel P. Berrange <berrange@redhat.com> (cherry picked from commit 71b21f12)
d47659dc · Daniel P. Berrange · 97f3a8d8 · d47659dc · d47659dc
隐藏空白更改
内联并排

Showing with 10 addition and 2 deletion

cfg.mk cfg.mk +8 -0

src/util/virutil.c src/util/virutil.c +2 -2

未找到文件。
--- a/cfg.mk
+++ b/cfg.mk
@@ -842,6 +842,11 @@ sc_prohibit_unbounded_arrays_in_rpc:
 	halt='Arrays in XDR must have a upper limit set for <NNN>'	\
 	  $(_sc_search_regexp)

+sc_prohibit_getenv:
+	@prohibit='\b(secure_)?getenv *\('				\
+	exclude='exempt from syntax-check'				\
+	halt='Use virGetEnv{Allow,Block}SUID instead of getenv'		\
+	  $(_sc_search_regexp)

 # We don't use this feature of maint.mk.
 prev_version_file = /dev/null
@@ -1011,3 +1016,6 @@ exclude_file_name_regexp--sc_prohibit_include_public_headers_brackets = \

 exclude_file_name_regexp--sc_prohibit_int_ijk = \
  ^(src/remote_protocol-structs|src/remote/remote_protocol.x|cfg.mk|include/)$
+
+exclude_file_name_regexp--sc_prohibit_getenv = \
+  ^tests/.*\.[ch]$$
--- a/src/util/virutil.c
+++ b/src/util/virutil.c
@@ -2128,7 +2128,7 @@ cleanup:
 */
 const char *virGetEnvBlockSUID(const char *name)
 {
-    return secure_getenv(name);
+    return secure_getenv(name); /* exempt from syntax-check-rules */
 }


@@ -2142,7 +2142,7 @@ const char *virGetEnvBlockSUID(const char *name)
 */
 const char *virGetEnvAllowSUID(const char *name)
 {
-    return getenv(name);
+    return getenv(name); /* exempt from syntax-check-rules */
 }