Merge branch 'remove-secure-libc' into 'master'

Remove unused HAVE_LIBC_ENABLE_SECURE  and add a glibc implementation for g_check_setuid

See merge request GNOME/glib!45

config.h.meson

@@ -250,9 +250,6 @@
 /* Define if your <locale.h> file defines LC_MESSAGES. */
 #mesondefine HAVE_LC_MESSAGES
 
-/* Define if you have the __libc_enable_secure variable (GNU libc, eglibc) */
-#mesondefine HAVE_LIBC_ENABLE_SECURE
-
 /* Define if libelf is available */
 #mesondefine HAVE_LIBELF
 
@@ -528,6 +525,9 @@
    */
 #mesondefine HAVE_SYS_DIR_H
 
+/* Define to 1 if you have the <sys/auxv.h> header file. */
+#mesondefine HAVE_SYS_AUXV_H
+
 /* Define to 1 if you have the <sys/event.h> header file. */
 #mesondefine HAVE_SYS_EVENT_H
 

config.h.win32.in

@@ -254,9 +254,6 @@
 /* Define if your <locale.h> file defines LC_MESSAGES. */
 /* #undef HAVE_LC_MESSAGES */
 
-/* Define if you have the __libc_enable_secure variable (GNU libc, eglibc) */
-/* #undef HAVE_LIBC_ENABLE_SECURE */
-
 /* Define if libelf is available */
 /* #undef HAVE_LIBELF */
 

configure.ac

@@ -506,17 +506,6 @@ AC_CHECK_FUNCS(mmap posix_memalign memalign valloc fsync pipe2 issetugid)
 AC_CHECK_FUNCS(timegm gmtime_r)
 AC_FUNC_STRERROR_R()
 
-AC_CACHE_CHECK([for __libc_enable_secure], glib_cv_have_libc_enable_secure,
-  [AC_TRY_LINK([#include <unistd.h>
-    extern int __libc_enable_secure;],
-    [return __libc_enable_secure;],
-   glib_cv_have_libc_enable_secure=yes,
-   glib_cv_have_libc_enable_secure=no)])
-AS_IF([test x$glib_cv_have_libc_enable_secure = xyes], [
-   AC_DEFINE(HAVE_LIBC_ENABLE_SECURE, 1,
-     [Define if you have the __libc_enable_secure variable (GNU libc, eglibc)])
-])
-
 AC_CHECK_SIZEOF(char)
 AC_CHECK_SIZEOF(short)
 AC_CHECK_SIZEOF(long)
@@ -685,7 +674,7 @@ fi
 # check for header files
 AC_CHECK_HEADERS([sys/param.h sys/resource.h mach/mach_time.h])
 AC_CHECK_HEADERS([sys/select.h stdint.h inttypes.h sched.h malloc.h])
-AC_CHECK_HEADERS([sys/vfs.h sys/vmount.h sys/statfs.h sys/statvfs.h sys/filio.h])
+AC_CHECK_HEADERS([sys/vfs.h sys/vmount.h sys/statfs.h sys/statvfs.h sys/filio.h sys/auxv.h])
 AC_CHECK_HEADERS([mntent.h sys/mnttab.h sys/vfstab.h sys/mntctl.h fstab.h])
 AC_CHECK_HEADERS([linux/magic.h])
 AC_CHECK_HEADERS([termios.h])

glib/gutils.c

@@ -50,6 +50,9 @@
 #ifdef HAVE_CRT_EXTERNS_H 
 #include <crt_externs.h> /* for _NSGetEnviron */
 #endif
+#ifdef HAVE_SYS_AUXV_H
+#include <sys/auxv.h>
+#endif
 
 #include "glib-init.h"
 #include "glib-private.h"
@@ -2495,22 +2498,21 @@ const gchar *g_get_tmp_dir_utf8 (void) { return g_get_tmp_dir (); }
 
 /* Private API:
  *
- * Returns %TRUE if the current process was executed as setuid (or an
- * equivalent __libc_enable_secure is available).  See:
- * http://osdir.com/ml/linux.lfs.hardened/2007-04/msg00032.html
+ * Returns %TRUE if the current process was executed as setuid
  */ 
 gboolean
 g_check_setuid (void)
 {
-  /* TODO: get __libc_enable_secure exported from glibc.
-   * See http://www.openwall.com/lists/owl-dev/2012/08/14/1
-   */
-#if 0 && defined(HAVE_LIBC_ENABLE_SECURE)
-  {
-    /* See glibc/include/unistd.h */
-    extern int __libc_enable_secure;
-    return __libc_enable_secure;
-  }
+#if defined(HAVE_SYS_AUXV_H)
+  unsigned long value;
+  int errsv;
+
+  errno = 0;
+  value = getauxval (AT_SECURE);
+  errsv = errno;
+  if (errsv)
+    g_error ("getauxval () failed: %s", g_strerror (errsv));
+  return value;
 #elif defined(HAVE_ISSETUGID) && !defined(__BIONIC__)
   /* BSD: http://www.freebsd.org/cgi/man.cgi?query=issetugid&sektion=2 */
 

meson.build

@@ -229,6 +229,7 @@ headers = [
   'stdlib.h',
   'string.h',
   'strings.h',
+  'sys/auxv.h',
   'sys/event.h',
   'sys/filio.h',
   'sys/inotify.h',