blob: 71c88b8699a0b791ba23ce51dd88c0ae735e9f57 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
From f55d5b3ff0be7c8e903dc367b7747324e9556dd5 Mon Sep 17 00:00:00 2001
From: Patrick Steinhardt <ps@pks.im>
Date: Thu, 26 Apr 2018 14:52:17 +0100
Subject: [PATCH 03/11] libapparmor: do not honor $LIBAPPARMOR_DEBUG when
`secure_getenv` is undefined
The `secure_getenv` function is a non-POSIX compliant extension of
glibc. In contrast to the POSIX `getenv`, `secure_getenv` will return
`NULL` for all environment variables when the program is run with
escalated privileges due to an SUID or SGID bit. Some strictly
POSIX-compliant libc libraries, most notably musl libc, do not have this
function and do not wish to implement it. Thus, AppArmor cannot be
compiled on such systems.
In libapparmor, `secure_getenv` is only used to determine whether the
environment variable DEBUG_ENV_VAR has been set to enable debugging. In
case an unprivileged user runs a SUID/SGID executable linked against
libapparmor, we do not want that user to be able to get additional
information via debug output.
The fix here is to produce an error only in case where debug output is
enabled by defining ENABLE_DEBUG_OUTPUT. Otherwise, we simply define
`secure_getenv` to `NULL` to completely disable the debug output.
(cherry picked from commit 778176b9d84580f2e5a3be301ef9797b34ed69b9)
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Acked-by: Steve Beattie <steve@nxnw.org>
PR: https://gitlab.com/apparmor/apparmor/merge_requests/107
---
libraries/libapparmor/src/private.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libraries/libapparmor/src/private.c b/libraries/libapparmor/src/private.c
index 218f6628..f5cc2a4c 100644
--- a/libraries/libapparmor/src/private.c
+++ b/libraries/libapparmor/src/private.c
@@ -38,8 +38,10 @@
#ifndef HAVE_SECURE_GETENV
#ifdef HAVE___SECURE_GETENV
#define secure_getenv __secure_getenv
+ #elif ENABLE_DEBUG_OUTPUT
+ #error Debug output is not possible without a secure_getenv() implementation.
#else
- #error neither secure_getenv nor __secure_getenv is available
+ #define secure_getenv(env) NULL
#endif
#endif
--
2.17.1
|
