Red Hat Bugzilla – Attachment 606392 Details for
Bug 847402
CVE-2012-3524 dbus: privilege escalation when libdbus is used in setuid/setgid application
[patch]
updated glib patch
0001-CVE-2012-3524-Hardening-for-being-run-in-a-setuid-en.patch (text/plain), 20.78 KB, created by
Colin Walters
on 2012-08-22 21:55:16 UTC
>From 737332cee8d701ede2dae6a2f9ad09532d17bb97 Mon Sep 17 00:00:00 2001 
>From: Colin Walters <walters@verbum.org> >Date: Wed, 22 Aug 2012 14:26:11 -0400 >Subject: [PATCH] CVE-2012-3524: Hardening for being run in a setuid > environment > >[Backported to glib-2-32 from master] > >Some programs attempt to use libglib (or even libgio) when setuid. >For a long time, GTK+ simply aborted if launched in this >configuration, but we never had a real policy for GLib. > >I'm not sure whether we should advertise such support. However, given >that there are real-world programs that do this currently, we can make >them safer with not too much effort. > >Better to fix a problem caused by an interaction between two >components in *both* places if possible. > >This patch adds a private function g_check_setuid() which is used to >first ensure we don't run an external dbus-launch binary if >DBUS_SESSION_BUS_ADDRESS isn't set. Second, we add a new >g_getenv_secure() which is the moral equivalent of __secure_getenv(), >and use it for a selected subset of environment variables like >GIO_EXTRA_MODULES. > >Originally I just changed g_getenv(), but this would break policykit's >"pkexec" program. > >Implementing g_check_setuid() is interesting - whether or not we're >running in a privilege-escalated path is operating system specific. >Note that GTK+'s code to check euid versus uid worked historically on >Unix, more modern systems have filesystem capabilities and SELinux >domain transitions, neither of which are captured by the uid >comparison. > >On Linux/glibc, the way this works is that the kernel sets an >AT_SECURE flag in the ELF auxiliary vector, and glibc looks for it on >startup. If found, then glibc sets a public-but-undocumented >__libc_enable_secure variable which we can use. Unfortunately, while >it *previously* worked to check this variable, a combination of newer >binutils and RPM break it: >http://www.openwall.com/lists/owl-dev/2012/08/14/1 > >So for now on Linux/glibc, we fall back to the historical Unix version >until we get glibc fixed. 
> >On some BSD variants, there is a issetugid() function. On other Unix >variants, we fall back to what GTK+ has been doing. >--- > configure.ac | 15 +++++++-- > gio/gdbusaddress.c | 13 +++++--- > gio/gdbusauthmechanismsha1.c | 5 +-- > gio/gdbusconnection.c | 3 +- > gio/giomodule.c | 5 +-- > gio/gsettingsschema.c | 3 +- > gio/inotify/inotify-diag.c | 3 +- > glib/genviron.c | 13 ++++++++ > glib/glib-private.c | 5 ++- > glib/glib-private.h | 7 ++++ > glib/glib.symbols | 1 + > glib/gmessages.c | 3 +- > glib/gutils.c | 79 ++++++++++++++++++++++++++++++++++++++------ > gmodule/gmodule.c | 3 +- > gobject/gobject.c | 3 +- > gobject/gsignal.c | 3 +- > gobject/gtype.c | 3 +- > 17 files changed, 138 insertions(+), 29 deletions(-) > >diff --git a/configure.ac b/configure.ac >index 584df1d..67ea1a9 100644 >--- a/configure.ac >+++ b/configure.ac >@@ -583,9 +583,20 @@ AC_TRY_COMPILE([#include <dirent.h>], [DIR *dir;], > # Checks for library functions. > AC_FUNC_VPRINTF > AC_FUNC_ALLOCA >-AC_CHECK_FUNCS(mmap posix_memalign memalign valloc fsync pipe2) >+AC_CHECK_FUNCS(mmap posix_memalign memalign valloc fsync pipe2 issetugid) > AC_CHECK_FUNCS(atexit on_exit timegm gmtime_r) > >+AC_CACHE_CHECK([for __libc_enable_secure], glib_cv_have_libc_enable_secure, >+ [AC_TRY_LINK([#include <unistd.h> >+ extern int __libc_enable_secure;], >+ [return __libc_enable_secure;], >+ glib_cv_have_libc_enable_secure=yes, >+ glib_cv_have_libc_enable_secure=no)]) >+AS_IF([test x$glib_cv_have_libc_enable_secure = xyes], [ >+ AC_DEFINE(HAVE_LIBC_ENABLE_SECURE, 1, >+ [Define if you have the __libc_enable_secure variable (GNU libc, eglibc)]) >+]) >+ > AC_CHECK_SIZEOF(char) > AC_CHECK_SIZEOF(short) > AC_CHECK_SIZEOF(long) 
>@@ -984,7 +995,7 @@ AC_MSG_RESULT(unsigned $glib_size_type) > > # Check for some functions > AC_CHECK_FUNCS(lstat strerror strsignal memmove vsnprintf stpcpy strcasecmp strncasecmp poll getcwd vasprintf setenv unsetenv getc_unlocked readlink symlink fdwalk memmem) >-AC_CHECK_FUNCS(chown lchmod lchown fchmod fchown link utimes getgrgid getpwuid) >+AC_CHECK_FUNCS(chown lchmod lchown fchmod fchown link utimes getgrgid getpwuid getresuid) > AC_CHECK_FUNCS(getmntent_r setmntent endmntent hasmntopt getfsstat getvfsstat) > # Check for high-resolution sleep functions > AC_CHECK_FUNCS(splice) >diff --git a/gio/gdbusaddress.c b/gio/gdbusaddress.c >index 4aa13b9..a18aa57 100644 >--- a/gio/gdbusaddress.c >+++ b/gio/gdbusaddress.c >@@ -37,6 +37,7 @@ > #include "giostream.h" > #include "gasyncresult.h" > #include "gsimpleasyncresult.h" >+#include "glib-private.h" > #include "gdbusprivate.h" > #include "giomodule-priv.h" > #include "gdbusdaemon.h" >@@ -1015,6 +1016,10 @@ get_session_address_dbus_launch (GError **error) > gchar *old_dbus_verbose; > gboolean restore_dbus_verbose; > >+ /* Don't run binaries as root if we're setuid. */ >+ if (GLIB_PRIVATE_CALL (g_check_setuid) ()) >+ return NULL; >+ > ret = NULL; > machine_id = NULL; > command_line = NULL; >@@ -1507,7 +1512,7 @@ g_dbus_address_get_for_bus_sync (GBusType bus_type, > case 2: k = "DBUS_STARTER_BUS_TYPE"; break; > default: g_assert_not_reached (); > } >- v = g_getenv (k); >+ v = GLIB_PRIVATE_CALL (g_getenv_secure) (k); > g_print ("GDBus-debug:Address: env var %s", k); > if (v != NULL) > g_print ("=`%s'\n", v); >@@ -1520,7 +1525,7 @@ g_dbus_address_get_for_bus_sync (GBusType bus_type, > switch (bus_type) > { > case G_BUS_TYPE_SYSTEM: >- ret = g_strdup (g_getenv ("DBUS_SYSTEM_BUS_ADDRESS")); >+ ret = g_strdup (GLIB_PRIVATE_CALL (g_getenv_secure) ("DBUS_SYSTEM_BUS_ADDRESS")); > if (ret == NULL) > { > ret = g_strdup ("unix:path=/var/run/dbus/system_bus_socket"); 
>@@ -1528,7 +1533,7 @@ g_dbus_address_get_for_bus_sync (GBusType bus_type, > break; > > case G_BUS_TYPE_SESSION: >- ret = g_strdup (g_getenv ("DBUS_SESSION_BUS_ADDRESS")); >+ ret = g_strdup (GLIB_PRIVATE_CALL (g_getenv_secure) ("DBUS_SESSION_BUS_ADDRESS")); > if (ret == NULL) > { > ret = get_session_address_platform_specific (&local_error); >@@ -1536,7 +1541,7 @@ g_dbus_address_get_for_bus_sync (GBusType bus_type, > break; > > case G_BUS_TYPE_STARTER: >- starter_bus = g_getenv ("DBUS_STARTER_BUS_TYPE"); >+ starter_bus = GLIB_PRIVATE_CALL (g_getenv_secure) ("DBUS_STARTER_BUS_TYPE"); > if (g_strcmp0 (starter_bus, "session") == 0) > { > ret = g_dbus_address_get_for_bus_sync (G_BUS_TYPE_SESSION, cancellable, &local_error); >diff --git a/gio/gdbusauthmechanismsha1.c b/gio/gdbusauthmechanismsha1.c >index 4729208..d144110 100644 >--- a/gio/gdbusauthmechanismsha1.c >+++ b/gio/gdbusauthmechanismsha1.c >@@ -34,6 +34,7 @@ > #endif > > #include <glib/gstdio.h> >+#include "glib-private.h" > > #include "gdbusauthmechanismsha1.h" > #include "gcredentials.h" >@@ -240,7 +241,7 @@ ensure_keyring_directory (GError **error) > > g_return_val_if_fail (error == NULL || *error == NULL, NULL); > >- e = g_getenv ("G_DBUS_COOKIE_SHA1_KEYRING_DIR"); >+ e = GLIB_PRIVATE_CALL (g_getenv_secure) ("G_DBUS_COOKIE_SHA1_KEYRING_DIR"); > if (e != NULL) > { > path = g_strdup (e); >@@ -254,7 +255,7 @@ ensure_keyring_directory (GError **error) > > if (g_file_test (path, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_DIR)) > { >- if (g_getenv ("G_DBUS_COOKIE_SHA1_KEYRING_DIR_IGNORE_PERMISSION") == NULL) >+ if (GLIB_PRIVATE_CALL (g_getenv_secure) ("G_DBUS_COOKIE_SHA1_KEYRING_DIR_IGNORE_PERMISSION") == NULL) > { > #ifdef G_OS_UNIX > struct stat statbuf; >diff --git a/gio/gdbusconnection.c b/gio/gdbusconnection.c >index 511f1bb..842c616 100644 >--- a/gio/gdbusconnection.c >+++ b/gio/gdbusconnection.c 
>@@ -111,6 +111,7 @@ > #endif > > #include "gdbusauth.h" >+#include "glib-private.h" > #include "gdbusutils.h" > #include "gdbusaddress.h" > #include "gdbusmessage.h" >@@ -6684,7 +6685,7 @@ message_bus_get_singleton (GBusType bus_type, > break; > > case G_BUS_TYPE_STARTER: >- starter_bus = g_getenv ("DBUS_STARTER_BUS_TYPE"); >+ starter_bus = GLIB_PRIVATE_CALL (g_getenv_secure) ("DBUS_STARTER_BUS_TYPE"); > if (g_strcmp0 (starter_bus, "session") == 0) > { > ret = message_bus_get_singleton (G_BUS_TYPE_SESSION, error); >diff --git a/gio/giomodule.c b/gio/giomodule.c >index d8ce138..2e05fba 100644 >--- a/gio/giomodule.c >+++ b/gio/giomodule.c >@@ -25,6 +25,7 @@ > #include <string.h> > > #include "giomodule.h" >+#include "glib-private.h" > #include "giomodule-priv.h" > #include "glocalfilemonitor.h" > #include "glocaldirectorymonitor.h" >@@ -717,7 +718,7 @@ _g_io_module_get_default (const gchar *extension_point, > return NULL; > } > >- use_this = envvar ? g_getenv (envvar) : NULL; >+ use_this = envvar ? GLIB_PRIVATE_CALL (g_getenv_secure) (envvar) : NULL; > if (use_this) > { > preferred = g_io_extension_point_get_extension_by_name (ep, use_this); >@@ -887,7 +888,7 @@ _g_io_modules_ensure_loaded (void) > scope = g_io_module_scope_new (G_IO_MODULE_SCOPE_BLOCK_DUPLICATES); > > /* First load any overrides, extras */ >- module_path = g_getenv ("GIO_EXTRA_MODULES"); >+ module_path = GLIB_PRIVATE_CALL (g_getenv_secure) ("GIO_EXTRA_MODULES"); > if (module_path) > { > gchar **paths; >diff --git a/gio/gsettingsschema.c b/gio/gsettingsschema.c >index f8be19f..cb66370 100644 >--- a/gio/gsettingsschema.c >+++ b/gio/gsettingsschema.c >@@ -22,6 +22,7 @@ > > #include "gsettingsschema-internal.h" > #include "gsettings.h" >+#include "glib-private.h" > > #include "gvdb/gvdb-reader.h" > #include "strinfo.c" 
>@@ -336,7 +337,7 @@ initialise_schema_sources (void) > g_free (filename); > } > >- if ((path = g_getenv ("GSETTINGS_SCHEMA_DIR")) != NULL) >+ if ((path = GLIB_PRIVATE_CALL (g_getenv_secure) ("GSETTINGS_SCHEMA_DIR")) != NULL) > { > gchar *filename; > GvdbTable *table; >diff --git a/gio/inotify/inotify-diag.c b/gio/inotify/inotify-diag.c >index 937ebd7..2c0e85d 100644 >--- a/gio/inotify/inotify-diag.c >+++ b/gio/inotify/inotify-diag.c >@@ -27,6 +27,7 @@ > #include <glib.h> > #include <sys/types.h> > #include <unistd.h> >+#include "glib-private.h" > #include "inotify-missing.h" > #include "inotify-path.h" > #include "inotify-diag.h" >@@ -67,7 +68,7 @@ id_dump (gpointer userdata) > void > _id_startup (void) > { >- if (!g_getenv ("GVFS_INOTIFY_DIAG")) >+ if (!GLIB_PRIVATE_CALL (g_getenv_secure) ("GVFS_INOTIFY_DIAG")) > return; > > g_timeout_add (DIAG_DUMP_TIME, id_dump, NULL); >diff --git a/glib/genviron.c b/glib/genviron.c >index 59a8bbe..0bec386 100644 >--- a/glib/genviron.c >+++ b/glib/genviron.c >@@ -40,6 +40,7 @@ > #include <windows.h> > #endif > >+#include "glib-private.h" > #include "gmem.h" > #include "gmessages.h" > #include "gstrfuncs.h" >@@ -226,6 +227,18 @@ g_environ_unsetenv (gchar **envp, > return g_environ_unsetenv_internal (envp, variable, TRUE); > } > >+/* Private backport of 2.34 API */ >+const gchar * >+g_getenv_secure (const gchar *variable) >+{ >+ g_return_val_if_fail (variable != NULL, NULL); >+ >+ if (GLIB_PRIVATE_CALL (g_check_setuid) ()) >+ return NULL; >+ >+ return g_getenv (variable); >+} >+ > /* UNIX implemention {{{1 */ > #ifndef G_OS_WIN32 > >diff --git a/glib/glib-private.c b/glib/glib-private.c >index 3946e77..81a0e35 100644 >--- a/glib/glib-private.c >+++ b/glib/glib-private.c >@@ -38,7 +38,10 @@ glib__private__ (void) > g_wakeup_signal, > g_wakeup_acknowledge, > >- g_get_worker_context >+ g_get_worker_context, >+ >+ g_check_setuid, >+ g_getenv_secure > }; > > return &table; 
>diff --git a/glib/glib-private.h b/glib/glib-private.h >index fde0be8..d6017c6 100644 >--- a/glib/glib-private.h >+++ b/glib/glib-private.h >@@ -25,6 +25,10 @@ > > G_GNUC_INTERNAL > GMainContext * g_get_worker_context (void); >+G_GNUC_INTERNAL >+gboolean g_check_setuid (void); >+G_GNUC_INTERNAL >+const char * g_getenv_secure (const char *variable); > > #define GLIB_PRIVATE_CALL(symbol) (glib__private__()->symbol) > >@@ -40,6 +44,9 @@ typedef struct { > /* See gmain.c */ > GMainContext * (* g_get_worker_context) (void); > /* Add other private functions here, initialize them in glib-private.c */ >+ >+ gboolean (* g_check_setuid) (void); >+ const char * (* g_getenv_secure) (const char *variable); > } GLibPrivateVTable; > > GLibPrivateVTable *glib__private__ (void); >diff --git a/glib/glib.symbols b/glib/glib.symbols >index 6c2db0d..6cc6099 100644 >--- a/glib/glib.symbols >+++ b/glib/glib.symbols >@@ -1323,6 +1323,7 @@ g_str_hash > g_atexit > g_basename > g_get_application_name >+g_getenv_secure > #ifndef _WIN64 > g_find_program_in_path PRIVATE > g_get_current_dir PRIVATE >diff --git a/glib/gmessages.c b/glib/gmessages.c >index f32d51c..3bec638 100644 >--- a/glib/gmessages.c >+++ b/glib/gmessages.c >@@ -62,6 +62,7 @@ > #include "gmessages.h" > > #include "glib-init.h" >+#include "glib-private.h" > #include "gbacktrace.h" > #include "gcharset.h" > #include "gconvert.h" >@@ -1187,7 +1188,7 @@ g_log_default_handler (const gchar *log_domain, > if ((log_level & DEFAULT_LEVELS) || (log_level >> G_LOG_LEVEL_USER_SHIFT)) > goto emit; > >- domains = g_getenv ("G_MESSAGES_DEBUG"); >+ domains = GLIB_PRIVATE_CALL (g_getenv_secure) ("G_MESSAGES_DEBUG"); > if (((log_level & INFO_LEVELS) == 0) || > domains == NULL || > (strcmp (domains, "all") != 0 && (!log_domain || !strstr (domains, log_domain)))) >diff --git a/glib/gutils.c b/glib/gutils.c >index 38b5e44..5c25b9f 100644 >--- a/glib/gutils.c >+++ b/glib/gutils.c 
>@@ -60,6 +60,7 @@ > #include "gutils.h" > > #include "glib-init.h" >+#include "glib-private.h" > #include "genviron.h" > #include "gfileutils.h" > #include "ggettext.h" >@@ -659,18 +660,18 @@ g_get_any_init_do (void) > { > gchar hostname[100]; > >- g_tmp_dir = g_strdup (g_getenv ("TMPDIR")); >+ g_tmp_dir = g_strdup (GLIB_PRIVATE_CALL (g_getenv_secure) ("TMPDIR")); > > if (g_tmp_dir == NULL || *g_tmp_dir == '\0') > { > g_free (g_tmp_dir); >- g_tmp_dir = g_strdup (g_getenv ("TMP")); >+ g_tmp_dir = g_strdup (GLIB_PRIVATE_CALL (g_getenv_secure) ("TMP")); > } > > if (g_tmp_dir == NULL || *g_tmp_dir == '\0') > { > g_free (g_tmp_dir); >- g_tmp_dir = g_strdup (g_getenv ("TEMP")); >+ g_tmp_dir = g_strdup (GLIB_PRIVATE_CALL (g_getenv_secure) ("TEMP")); > } > > #ifdef G_OS_WIN32 >@@ -760,7 +761,7 @@ g_get_any_init_do (void) > glong bufsize = 64; > # endif /* _SC_GETPW_R_SIZE_MAX */ > >- logname = (gchar *) g_getenv ("LOGNAME"); >+ logname = (gchar *) GLIB_PRIVATE_CALL (g_getenv_secure) ("LOGNAME"); > > do > { >@@ -876,7 +877,7 @@ g_get_any_init_do (void) > > #ifndef G_OS_WIN32 > if (!g_home_dir) >- g_home_dir = g_strdup (g_getenv ("HOME")); >+ g_home_dir = g_strdup (GLIB_PRIVATE_CALL (g_getenv_secure) ("HOME")); > #endif > > #ifdef __EMX__ >@@ -1221,7 +1222,7 @@ g_get_user_data_dir (void) > #ifdef G_OS_WIN32 > data_dir = get_special_folder (CSIDL_LOCAL_APPDATA); > #else >- data_dir = (gchar *) g_getenv ("XDG_DATA_HOME"); >+ data_dir = (gchar *) GLIB_PRIVATE_CALL (g_getenv_secure) ("XDG_DATA_HOME"); > > if (data_dir && data_dir[0]) > data_dir = g_strdup (data_dir); >@@ -1258,7 +1259,7 @@ g_init_user_config_dir (void) > #ifdef G_OS_WIN32 > config_dir = get_special_folder (CSIDL_LOCAL_APPDATA); > #else >- config_dir = (gchar *) g_getenv ("XDG_CONFIG_HOME"); >+ config_dir = (gchar *) GLIB_PRIVATE_CALL (g_getenv_secure) ("XDG_CONFIG_HOME"); > > if (config_dir && config_dir[0]) > config_dir = g_strdup (config_dir); 
>@@ -1341,7 +1342,7 @@ g_get_user_cache_dir (void) > #ifdef G_OS_WIN32 > cache_dir = get_special_folder (CSIDL_INTERNET_CACHE); /* XXX correct? */ > #else >- cache_dir = (gchar *) g_getenv ("XDG_CACHE_HOME"); >+ cache_dir = (gchar *) GLIB_PRIVATE_CALL (g_getenv_secure) ("XDG_CACHE_HOME"); > > if (cache_dir && cache_dir[0]) > cache_dir = g_strdup (cache_dir); >@@ -2006,7 +2007,7 @@ g_get_system_data_dirs (void) > #ifdef G_OS_WIN32 > data_dir_vector = (gchar **) g_win32_get_system_data_dirs_for_module (NULL); > #else >- gchar *data_dirs = (gchar *) g_getenv ("XDG_DATA_DIRS"); >+ gchar *data_dirs = (gchar *) GLIB_PRIVATE_CALL (g_getenv_secure) ("XDG_DATA_DIRS"); > > if (!data_dirs || !data_dirs[0]) > data_dirs = "/usr/local/share/:/usr/share/"; >@@ -2068,7 +2069,7 @@ g_get_system_config_dirs (void) > conf_dir_vector = g_strsplit ("", G_SEARCHPATH_SEPARATOR_S, 0); > } > #else >- conf_dirs = (gchar *) g_getenv ("XDG_CONFIG_DIRS"); >+ conf_dirs = (gchar *) GLIB_PRIVATE_CALL (g_getenv_secure) ("XDG_CONFIG_DIRS"); > > if (!conf_dirs || !conf_dirs[0]) > conf_dirs = "/etc/xdg"; 
>@@ -2409,3 +2410,61 @@ g_get_tmp_dir (void) > } > > #endif >+ >+/* Private API: >+ * >+ * Returns %TRUE if the current process was executed as setuid (or an >+ * equivalent __libc_enable_secure is available). See: >+ * http://osdir.com/ml/linux.lfs.hardened/2007-04/msg00032.html >+ */ >+gboolean >+g_check_setuid (void) >+{ >+ /* TODO: get __libc_enable_secure exported from glibc. >+ * See http://www.openwall.com/lists/owl-dev/2012/08/14/1 >+ */ >+#if 0 && defined(HAVE_LIBC_ENABLE_SECURE) >+ { >+ /* See glibc/include/unistd.h */ >+ extern int __libc_enable_secure; >+ return __libc_enable_secure; >+ } >+#elif defined(HAVE_ISSETUGID) >+ /* BSD: http://www.freebsd.org/cgi/man.cgi?query=issetugid&sektion=2 */ >+ return issetugid (); >+#elif defined(G_OS_UNIX) >+ uid_t ruid, euid, suid; /* Real, effective and saved user ID's */ >+ gid_t rgid, egid, sgid; /* Real, effective and saved group ID's */ >+ >+ static gsize check_setuid_initialised; >+ static gboolean is_setuid; >+ >+ if (g_once_init_enter (&check_setuid_initialised)) >+ { >+#ifdef HAVE_GETRESUID >+ /* These aren't in the header files, so we prototype them here. >+ */ >+ int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid); >+ int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid); >+ >+ if (getresuid (&ruid, &euid, &suid) != 0 || >+ getresgid (&rgid, &egid, &sgid) != 0) >+#endif /* HAVE_GETRESUID */ >+ { >+ suid = ruid = getuid (); >+ sgid = rgid = getgid (); >+ euid = geteuid (); >+ egid = getegid (); >+ } >+ >+ is_setuid = (ruid != euid || ruid != suid || >+ rgid != egid || rgid != sgid); >+ >+ g_once_init_leave (&check_setuid_initialised, 1); >+ } >+ return is_setuid; >+#else >+ return FALSE; >+#endif >+} >+ >diff --git a/gmodule/gmodule.c b/gmodule/gmodule.c >index f373833..3944b1e 100644 >--- a/gmodule/gmodule.c >+++ b/gmodule/gmodule.c >@@ -32,6 +32,7 @@ > > #include "glib.h" > #include "gmodule.h" >+#include "glib-private.h" > > #include <errno.h> > #include <string.h> 
>@@ -463,7 +464,7 @@ _g_module_debug_init (void) > }; > const gchar *env; > >- env = g_getenv ("G_DEBUG"); >+ env = GLIB_PRIVATE_CALL (g_getenv_secure) ("G_DEBUG"); > > module_debug_flags = > !env ? 0 : g_parse_debug_string (env, keys, G_N_ELEMENTS (keys)); >diff --git a/gobject/gobject.c b/gobject/gobject.c >index 69f14a8..4fcc168 100644 >--- a/gobject/gobject.c >+++ b/gobject/gobject.c >@@ -28,6 +28,7 @@ > > #include "gobject.h" > #include "gtype-private.h" >+#include "glib-private.h" > #include "gvaluecollector.h" > #include "gsignal.h" > #include "gparamspecs.h" >@@ -1314,7 +1315,7 @@ object_set_property (GObject *object, > > if (G_UNLIKELY (!enable_diagnostic)) > { >- enable_diagnostic = g_getenv ("G_ENABLE_DIAGNOSTIC"); >+ enable_diagnostic = GLIB_PRIVATE_CALL (g_getenv_secure) ("G_ENABLE_DIAGNOSTIC"); > if (!enable_diagnostic) > enable_diagnostic = "0"; > } >diff --git a/gobject/gsignal.c b/gobject/gsignal.c >index 6913979..e81d2d6 100644 >--- a/gobject/gsignal.c >+++ b/gobject/gsignal.c >@@ -31,6 +31,7 @@ > > #include "gsignal.h" > #include "gtype-private.h" >+#include "glib-private.h" > #include "gbsearcharray.h" > #include "gvaluecollector.h" > #include "gvaluetypes.h" >@@ -2371,7 +2372,7 @@ node_check_deprecated (const SignalNode *node) > > if (G_UNLIKELY (!g_enable_diagnostic)) > { >- g_enable_diagnostic = g_getenv ("G_ENABLE_DIAGNOSTIC"); >+ g_enable_diagnostic = GLIB_PRIVATE_CALL (g_getenv_secure) ("G_ENABLE_DIAGNOSTIC"); > if (!g_enable_diagnostic) > g_enable_diagnostic = "0"; > } >diff --git a/gobject/gtype.c b/gobject/gtype.c >index 43fdbc6..a386050 100644 >--- a/gobject/gtype.c >+++ b/gobject/gtype.c >@@ -27,6 +27,7 @@ > > #include "gtype.h" > #include "gtype-private.h" >+#include "glib-private.h" > #include "gtypeplugin.h" > #include "gvaluecollector.h" > #include "gbsearcharray.h" 
>@@ -4290,7 +4291,7 @@ g_type_init_with_debug_flags (GTypeDebugFlags debug_flags) > > /* setup GObject library wide debugging flags */ > _g_type_debug_flags = debug_flags & G_TYPE_DEBUG_MASK; >- env_string = g_getenv ("GOBJECT_DEBUG"); >+ env_string = GLIB_PRIVATE_CALL (g_getenv_secure) ("GOBJECT_DEBUG"); > if (env_string != NULL) > { > GDebugKey debug_keys[] = { >-- >1.7.11.4 >
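Review bot: The second configure.ac hunk adds only getresuid to AC_CHECK_FUNCS, but g_check_setuid() in glib/gutils.c calls both getresuid() and getresgid() under the single guard `#ifdef HAVE_GETRESUID`. A platform that provides getresuid without getresgid would pass the configure check and then fail to link. Suggest adding getresgid to the same AC_CHECK_FUNCS line and guarding the group call on HAVE_GETRESGID, or stating in a comment that the two are assumed to exist together.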
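Review bot: In gio/gdbusaddress.c, the new early exit in get_session_address_dbus_launch (GError **error) does `return NULL;` without setting *error. The function takes a GError out-parameter, so a caller that sees NULL will expect it to be populated and may otherwise report a failure with no message. Suggest setting an error before returning, for example with g_set_error_literal() in the G_IO_ERROR domain and a message saying the session bus cannot be autolaunched when setuid.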
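Review bot: The glib/glib.symbols hunk lists g_getenv_secure as an exported symbol, while glib/glib-private.h declares it G_GNUC_INTERNAL and every caller in this patch reaches it through GLIB_PRIVATE_CALL and the GLibPrivateVTable. The two declarations disagree about visibility, and g_check_setuid, which is handled the same way in the header and vtable, gets no glib.symbols entry. Suggest dropping the glib.symbols line so that both functions stay private and reachable only through the vtable, which also matches the "Private backport of 2.34 API" comment in glib/genviron.c.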
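Review bot: In g_check_setuid() (glib/gutils.c), the G_OS_UNIX branch computes is_setuid lazily inside g_once_init_enter and caches it, so the result reflects the process IDs at the time of the first call rather than at exec. If the program has already made its real, effective and saved IDs equal before GLib first reaches this function, the comparison yields FALSE and g_getenv_secure() will pass the inherited environment through, even though that environment came from the less privileged caller. Suggest documenting this ordering dependency in the function comment next to the existing TODO, since only the disabled __libc_enable_secure branch (`#if 0 && defined(HAVE_LIBC_ENABLE_SECURE)`) would give an exec-time answer. The doc comment's parenthetical "(or an equivalent __libc_enable_secure is available)" could also be reworded to say what is actually returned on each platform.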