Add helpers for getting env vars in a setuid environment

author Daniel P. Berrange <berrange@redhat.com>

Wed, 9 Oct 2013 09:52:39 +0000 (10:52 +0100)

committer Daniel P. Berrange <berrange@redhat.com>

Mon, 21 Oct 2013 13:03:52 +0000 (14:03 +0100)
author Daniel P. Berrange <berrange@redhat.com>
Wed, 9 Oct 2013 09:52:39 +0000 (10:52 +0100)
committer Daniel P. Berrange <berrange@redhat.com>
Mon, 21 Oct 2013 13:03:52 +0000 (14:03 +0100)
diff --git a/bootstrap.conf b/bootstrap.conf

index 8b3721741a5a9edd050836c52f8f0107634827ab..d24a71432c41af42018e67cef3a38e63d21728ee 100644 (file)
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -93,6 +93,7 @@ recv
  regex
  random_r
  sched
+secure_getenv
  send
  setenv
  setsockopt
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms

index 84c1c28a18864ebb753f93bf490e527169cdc83d..9be6f327e705c6123ca2ed3c21338ba0186146ca 100644 (file)
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1859,6 +1859,8 @@ virFindFCHostCapableVport;
  virFormatIntDecimal;
  virGetDeviceID;
  virGetDeviceUnprivSGIO;
+virGetEnvAllowSUID;
+virGetEnvBlockSUID;
  virGetFCHostNameByWWN;
  virGetGroupID;
  virGetGroupList;
@@ -1877,6 +1879,7 @@ virIndexToDiskName;
  virIsCapableFCHost;
  virIsCapableVport;
  virIsDevMapperDevice;
+virIsSUID;
  virManageVport;
  virParseNumber;
  virParseOwnershipIds;
diff --git a/src/util/virutil.c b/src/util/virutil.c

index 854c0ad5ec365ff6dce9d9d1a5bfc1ebfc5d148d..7e7c1c2d18359f35190037435af0b52f69dee1a1 100644 (file)
--- a/src/util/virutil.c
+++ b/src/util/virutil.c
@@ -2131,3 +2131,42 @@ cleanup:
  
      return rc;
  }
+
+
+/**
+ * virGetEnvBlockSUID:
+ * @name: the environment variable name
+ *
+ * Obtain an environment variable which is unsafe to
+ * use when running setuid. If running setuid, a NULL
+ * value will be returned
+ */
+const char *virGetEnvBlockSUID(const char *name)
+{
+    return secure_getenv(name);
+}
+
+
+/**
+ * virGetEnvBlockSUID:
+ * @name: the environment variable name
+ *
+ * Obtain an environment variable which is safe to
+ * use when running setuid. The value will be returned
+ * even when running setuid
+ */
+const char *virGetEnvAllowSUID(const char *name)
+{
+    return getenv(name);
+}
+
+
+/**
+ * virIsSUID:
+ * Return a true value if running setuid. Does not
+ * check for elevated capabilities bits.
+ */
+bool virIsSUID(void)
+{
+    return getuid() != geteuid();
+}
diff --git a/src/util/virutil.h b/src/util/virutil.h

index 9f6fb200a4864bf94a78f806f635acdff1bf5d22..e8765b24a754f98b4e6b40abd7086a0abf00f1c6 100644 (file)
--- a/src/util/virutil.h
+++ b/src/util/virutil.h
@@ -172,4 +172,8 @@ int virCompareLimitUlong(unsigned long long a, unsigned long long b);
  
  int virParseOwnershipIds(const char *label, uid_t *uidPtr, gid_t *gidPtr);
  
+const char *virGetEnvBlockSUID(const char *name);
+const char *virGetEnvAllowSUID(const char *name);
+bool virIsSUID(void);
+
  #endif /* __VIR_UTIL_H__ */
author	Daniel P. Berrange <berrange@redhat.com>
	Wed, 9 Oct 2013 09:52:39 +0000 (10:52 +0100)
committer	Daniel P. Berrange <berrange@redhat.com>
	Mon, 21 Oct 2013 13:03:52 +0000 (14:03 +0100)
bootstrap.conf		patch \| blob \| blame \| history
src/libvirt_private.syms		patch \| blob \| blame \| history
src/util/virutil.c		patch \| blob \| blame \| history
src/util/virutil.h		patch \| blob \| blame \| history