Block all use of getenv with syntax-check

The use of getenv is typically insecure, and we want people
to use our wrappers, to force them to think about setuid
needs.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

diff --git a/cfg.mk b/cfg.mk
index 3e44439dfd6a87b2947358a19cf7357fcf3ee6e0..56821e249d953a6ac16e085ede62964ce2b269a2 100644 (file)
--- a/cfg.mk
+++ b/cfg.mk
@@ -859,6 +859,11 @@ sc_prohibit_unbounded_arrays_in_rpc:
        halt='Arrays in XDR must have a upper limit set for <NNN>'      \
          $(_sc_search_regexp)
 
+sc_prohibit_getenv:
+       @prohibit='\b(secure_)?getenv *\('                              \
+       exclude='exempt from syntax-check'                              \
+       halt='Use virGetEnv{Allow,Block}SUID instead of getenv'         \
+         $(_sc_search_regexp)
 
 # We don't use this feature of maint.mk.
 prev_version_file = /dev/null
@@ -1028,3 +1033,6 @@ exclude_file_name_regexp--sc_prohibit_include_public_headers_brackets = \
 
 exclude_file_name_regexp--sc_prohibit_int_ijk = \
   ^(src/remote_protocol-structs|src/remote/remote_protocol.x|cfg.mk|include/)$
+
+exclude_file_name_regexp--sc_prohibit_getenv = \
+  ^tests/.*\.[ch]$$

diff --git a/src/util/virutil.c b/src/util/virutil.c
index 7e24b4a01c37b2757a57d9a5bc3e3b4ee9633a3a..87cc2e7515143d68774972808507dc15f3774ed4 100644 (file)
--- a/src/util/virutil.c
+++ b/src/util/virutil.c
@@ -2143,7 +2143,7 @@ cleanup:
  */
 const char *virGetEnvBlockSUID(const char *name)
 {
-    return secure_getenv(name);
+    return secure_getenv(name); /* exempt from syntax-check-rules */
 }
 
 
@@ -2157,7 +2157,7 @@ const char *virGetEnvBlockSUID(const char *name)
  */
 const char *virGetEnvAllowSUID(const char *name)
 {
-    return getenv(name);
+    return getenv(name); /* exempt from syntax-check-rules */
 }