From 41165b2a7e5e73daa7555486a90ccfa300160906 Mon Sep 17 00:00:00 2001 From: Christoph Reiter Date: Thu, 31 May 2018 10:40:21 +0200 Subject: [PATCH 1/2] Remove unused HAVE_LIBC_ENABLE_SECURE It was added in 4c2928a544829 to potentially enable accessing AT_SECURE through __libc_enable_secure, but was never enabled. Newer glibc provides getauxval(AT_SECURE) which should be used instead. Add a TODO note for that. --- config.h.meson | 3 --- config.h.win32.in | 3 --- configure.ac | 11 ----------- glib/gutils.c | 17 ++++------------- 4 files changed, 4 insertions(+), 30 deletions(-) diff --git a/config.h.meson b/config.h.meson index fd0bfcaf9..5752751ed 100644 --- a/config.h.meson +++ b/config.h.meson @@ -250,9 +250,6 @@ /* Define if your file defines LC_MESSAGES. */ #mesondefine HAVE_LC_MESSAGES -/* Define if you have the __libc_enable_secure variable (GNU libc, eglibc) */ -#mesondefine HAVE_LIBC_ENABLE_SECURE - /* Define if libelf is available */ #mesondefine HAVE_LIBELF diff --git a/config.h.win32.in b/config.h.win32.in index 14ac11d39..e8631ca02 100644 --- a/config.h.win32.in +++ b/config.h.win32.in @@ -254,9 +254,6 @@ /* Define if your file defines LC_MESSAGES. */ /* #undef HAVE_LC_MESSAGES */ -/* Define if you have the __libc_enable_secure variable (GNU libc, eglibc) */ -/* #undef HAVE_LIBC_ENABLE_SECURE */ - /* Define if libelf is available */ /* #undef HAVE_LIBELF */ diff --git a/configure.ac b/configure.ac index be48c9a19..18752b264 100644 --- a/configure.ac +++ b/configure.ac @@ -506,17 +506,6 @@ AC_CHECK_FUNCS(mmap posix_memalign memalign valloc fsync pipe2 issetugid) AC_CHECK_FUNCS(timegm gmtime_r) AC_FUNC_STRERROR_R() -AC_CACHE_CHECK([for __libc_enable_secure], glib_cv_have_libc_enable_secure, - [AC_TRY_LINK([#include - extern int __libc_enable_secure;], - [return __libc_enable_secure;], - glib_cv_have_libc_enable_secure=yes, - glib_cv_have_libc_enable_secure=no)]) -AS_IF([test x$glib_cv_have_libc_enable_secure = xyes], [ - AC_DEFINE(HAVE_LIBC_ENABLE_SECURE, 1, - [Define if you have the __libc_enable_secure variable (GNU libc, eglibc)]) -]) - AC_CHECK_SIZEOF(char) AC_CHECK_SIZEOF(short) AC_CHECK_SIZEOF(long) diff --git a/glib/gutils.c b/glib/gutils.c index 5813b2281..5527a402c 100644 --- a/glib/gutils.c +++ b/glib/gutils.c @@ -2495,23 +2495,14 @@ const gchar *g_get_tmp_dir_utf8 (void) { return g_get_tmp_dir (); } /* Private API: * - * Returns %TRUE if the current process was executed as setuid (or an - * equivalent __libc_enable_secure is available). See: - * http://osdir.com/ml/linux.lfs.hardened/2007-04/msg00032.html + * Returns %TRUE if the current process was executed as setuid */ gboolean g_check_setuid (void) { - /* TODO: get __libc_enable_secure exported from glibc. - * See http://www.openwall.com/lists/owl-dev/2012/08/14/1 - */ -#if 0 && defined(HAVE_LIBC_ENABLE_SECURE) - { - /* See glibc/include/unistd.h */ - extern int __libc_enable_secure; - return __libc_enable_secure; - } -#elif defined(HAVE_ISSETUGID) && !defined(__BIONIC__) +/* TODO: use getauxval(AT_SECURE) if available */ + +#if defined(HAVE_ISSETUGID) && !defined(__BIONIC__) /* BSD: http://www.freebsd.org/cgi/man.cgi?query=issetugid&sektion=2 */ /* Android had it in older versions but the new 64 bit ABI does not From a7fefb0e4ef17883f55a0798c925c6f8d98ae964 Mon Sep 17 00:00:00 2001 From: Christoph Reiter Date: Thu, 31 May 2018 11:31:23 +0200 Subject: [PATCH 2/2] g_check_setuid: implement using getauxval(AT_SECURE) with glibc See commit 4c2928a544829 for why checking AT_SECURE is preferable compared to UID checks as currently done in the fallback case. getauxval() was added with glibc 2.16 While glibc <2.19 didn't provide a way to differentiate a 0 return value from an error, passing AT_SECURE should always succeed according to https://sourceware.org/ml/libc-alpha/2014-07/msg00407.html I've added an errno check anyway, to be on the safe side. --- config.h.meson | 3 +++ configure.ac | 2 +- glib/gutils.c | 15 +++++++++++++-- meson.build | 1 + 4 files changed, 18 insertions(+), 3 deletions(-) diff --git a/config.h.meson b/config.h.meson index 5752751ed..e9f4c4e6d 100644 --- a/config.h.meson +++ b/config.h.meson @@ -525,6 +525,9 @@ */ #mesondefine HAVE_SYS_DIR_H +/* Define to 1 if you have the header file. */ +#mesondefine HAVE_SYS_AUXV_H + /* Define to 1 if you have the header file. */ #mesondefine HAVE_SYS_EVENT_H diff --git a/configure.ac b/configure.ac index 18752b264..8d05659ca 100644 --- a/configure.ac +++ b/configure.ac @@ -674,7 +674,7 @@ fi # check for header files AC_CHECK_HEADERS([sys/param.h sys/resource.h mach/mach_time.h]) AC_CHECK_HEADERS([sys/select.h stdint.h inttypes.h sched.h malloc.h]) -AC_CHECK_HEADERS([sys/vfs.h sys/vmount.h sys/statfs.h sys/statvfs.h sys/filio.h]) +AC_CHECK_HEADERS([sys/vfs.h sys/vmount.h sys/statfs.h sys/statvfs.h sys/filio.h sys/auxv.h]) AC_CHECK_HEADERS([mntent.h sys/mnttab.h sys/vfstab.h sys/mntctl.h fstab.h]) AC_CHECK_HEADERS([linux/magic.h]) AC_CHECK_HEADERS([termios.h]) diff --git a/glib/gutils.c b/glib/gutils.c index 5527a402c..2b750aba9 100644 --- a/glib/gutils.c +++ b/glib/gutils.c @@ -50,6 +50,9 @@ #ifdef HAVE_CRT_EXTERNS_H #include /* for _NSGetEnviron */ #endif +#ifdef HAVE_SYS_AUXV_H +#include +#endif #include "glib-init.h" #include "glib-private.h" @@ -2500,9 +2503,17 @@ const gchar *g_get_tmp_dir_utf8 (void) { return g_get_tmp_dir (); } gboolean g_check_setuid (void) { -/* TODO: use getauxval(AT_SECURE) if available */ +#if defined(HAVE_SYS_AUXV_H) + unsigned long value; + int errsv; -#if defined(HAVE_ISSETUGID) && !defined(__BIONIC__) + errno = 0; + value = getauxval (AT_SECURE); + errsv = errno; + if (errsv) + g_error ("getauxval () failed: %s", g_strerror (errsv)); + return value; +#elif defined(HAVE_ISSETUGID) && !defined(__BIONIC__) /* BSD: http://www.freebsd.org/cgi/man.cgi?query=issetugid&sektion=2 */ /* Android had it in older versions but the new 64 bit ABI does not diff --git a/meson.build b/meson.build index 6eb67cff2..a89ca55cd 100644 --- a/meson.build +++ b/meson.build @@ -229,6 +229,7 @@ headers = [ 'stdlib.h', 'string.h', 'strings.h', + 'sys/auxv.h', 'sys/event.h', 'sys/filio.h', 'sys/inotify.h',