OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This is a list of environment variables which the ELF loader unsets when | 5 // This is a list of environment variables which the ELF loader unsets when |
6 // loading a SUID binary. Because they are unset rather than just ignored, they | 6 // loading a SUID binary. Because they are unset rather than just ignored, they |
7 // aren't passed to child processes of SUID processes either. | 7 // aren't passed to child processes of SUID processes either. |
8 // | 8 // |
9 // We need to save these environment variables before running a SUID sandbox | 9 // We need to save these environment variables before running a SUID sandbox |
10 // and restore them before running child processes (but after dropping root). | 10 // and restore them before running child processes (but after dropping root). |
11 // | 11 // |
12 // List gathered from glibc sources (00ebd7ed58df389a78e41dece058048725cb585e): | 12 // List gathered from glibc sources (00ebd7ed58df389a78e41dece058048725cb585e): |
13 // sysdeps/unix/sysv/linux/i386/dl-librecon.h | 13 // sysdeps/unix/sysv/linux/i386/dl-librecon.h |
14 // sysdeps/generic/unsecvars.h | 14 // sysdeps/generic/unsecvars.h |
15 | 15 |
16 #ifndef SANDBOX_LINUX_SUID_COMMON_SUID_UNSAFE_ENVIRONMENT_VARIABLES_H_ | 16 #ifndef SANDBOX_LINUX_SUID_COMMON_SUID_UNSAFE_ENVIRONMENT_VARIABLES_H_ |
17 #define SANDBOX_LINUX_SUID_COMMON_SUID_UNSAFE_ENVIRONMENT_VARIABLES_H_ | 17 #define SANDBOX_LINUX_SUID_COMMON_SUID_UNSAFE_ENVIRONMENT_VARIABLES_H_ |
18 | 18 |
| 19 #include <stddef.h> |
19 #include <stdint.h> | 20 #include <stdint.h> |
20 #include <stdlib.h> // malloc | 21 #include <stdlib.h> // malloc |
21 #include <string.h> // memcpy | 22 #include <string.h> // memcpy |
22 | 23 |
23 static const char* const kSUIDUnsafeEnvironmentVariables[] = { | 24 static const char* const kSUIDUnsafeEnvironmentVariables[] = { |
24 "LD_AOUT_LIBRARY_PATH", | 25 "LD_AOUT_LIBRARY_PATH", |
25 "LD_AOUT_PRELOAD", | 26 "LD_AOUT_PRELOAD", |
26 "GCONV_PATH", | 27 "GCONV_PATH", |
27 "GETCONF_DIR", | 28 "GETCONF_DIR", |
28 "HOSTALIASES", | 29 "HOSTALIASES", |
64 return NULL; | 65 return NULL; |
65 | 66 |
66 memcpy(saved_envvar, "SANDBOX_", 8); | 67 memcpy(saved_envvar, "SANDBOX_", 8); |
67 memcpy(saved_envvar + 8, envvar, envvar_len); | 68 memcpy(saved_envvar + 8, envvar, envvar_len); |
68 saved_envvar[8 + envvar_len] = 0; | 69 saved_envvar[8 + envvar_len] = 0; |
69 | 70 |
70 return saved_envvar; | 71 return saved_envvar; |
71 } | 72 } |
72 | 73 |
73 #endif // SANDBOX_LINUX_SUID_COMMON_SUID_UNSAFE_ENVIRONMENT_VARIABLES_H_ | 74 #endif // SANDBOX_LINUX_SUID_COMMON_SUID_UNSAFE_ENVIRONMENT_VARIABLES_H_ |
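Review bot: The added `#include <stddef.h>` (new line 19) carries no trailing comment, while the two includes below it each name the symbol they are needed for (`// malloc`, `// memcpy`). It is presumably there for `size_t` and/or `NULL`; the visible tail of the header does `return NULL;`, but the declarations that would use `size_t` sit in the lines between 28 and 64 that this page does not show, so confirm the symbol there. If that is the reason, write the line as `#include <stddef.h>  // size_t` so the include list stays self-explaining. In a header that rebuilds environment-variable names for a SUID helper, documenting why each libc header is included makes later audits easier.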
OLD | NEW |