Commit | Line | Data |
---|---|---|
6f626d28 | 1 | /* |
c0c0989a | 2 | * SPDX-License-Identifier: LGPL-2.1-only |
6f626d28 | 3 | * |
c0c0989a | 4 | * Copyright (C) 2017 Mathieu Desnoyers <mathieu.desnoyers@efficios.com> |
6f626d28 MD |
5 | */ |
6 | ||
7 | #include <stdlib.h> | |
8 | #include <unistd.h> | |
9 | #include <stdbool.h> | |
b4051ad8 | 10 | #include <stddef.h> |
6f626d28 | 11 | #include <sys/types.h> |
910dcd72 | 12 | #include <urcu/system.h> |
9d315d6d MJ |
13 | #include "common/logging.h" |
14 | #include "common/macros.h" | |
910dcd72 | 15 | #include "common/getenv.h" |
6f626d28 MD |
16 | |
17 | enum lttng_env_secure { | |
18 | LTTNG_ENV_SECURE, | |
19 | LTTNG_ENV_NOT_SECURE, | |
20 | }; | |
21 | ||
22 | struct lttng_env { | |
23 | const char *key; | |
24 | enum lttng_env_secure secure; | |
25 | char *value; | |
26 | }; | |
27 | ||
910dcd72 MJ |
28 | static |
29 | int lttng_ust_getenv_is_init = 0; | |
30 | ||
6f626d28 MD |
31 | static struct lttng_env lttng_env[] = { |
32 | /* | |
33 | * LTTNG_UST_DEBUG is used directly by snprintf, because it | |
34 | * needs to be already set for ERR() used in | |
35 | * lttng_ust_getenv_init(). | |
36 | */ | |
37 | { "LTTNG_UST_DEBUG", LTTNG_ENV_NOT_SECURE, NULL, }, | |
38 | ||
39 | /* Env. var. which can be used in setuid/setgid executables. */ | |
40 | { "LTTNG_UST_WITHOUT_BADDR_STATEDUMP", LTTNG_ENV_NOT_SECURE, NULL, }, | |
41 | { "LTTNG_UST_REGISTER_TIMEOUT", LTTNG_ENV_NOT_SECURE, NULL, }, | |
42 | ||
43 | /* Env. var. which are not fetched in setuid/setgid executables. */ | |
44 | { "LTTNG_UST_CLOCK_PLUGIN", LTTNG_ENV_SECURE, NULL, }, | |
45 | { "LTTNG_UST_GETCPU_PLUGIN", LTTNG_ENV_SECURE, NULL, }, | |
b2c5f61a | 46 | { "LTTNG_UST_ALLOW_BLOCKING", LTTNG_ENV_SECURE, NULL, }, |
6f626d28 MD |
47 | { "HOME", LTTNG_ENV_SECURE, NULL, }, |
48 | { "LTTNG_HOME", LTTNG_ENV_SECURE, NULL, }, | |
49 | }; | |
50 | ||
51 | static | |
52 | int lttng_is_setuid_setgid(void) | |
53 | { | |
54 | return geteuid() != getuid() || getegid() != getgid(); | |
55 | } | |
56 | ||
910dcd72 MJ |
57 | /* |
58 | * Wrapper over getenv that will only return the values of whitelisted | |
59 | * environment variables when the current process is setuid and/or setgid. | |
60 | */ | |
4c41b460 | 61 | char *lttng_ust_getenv(const char *name) |
6f626d28 MD |
62 | { |
63 | size_t i; | |
64 | struct lttng_env *e; | |
65 | bool found = false; | |
66 | ||
910dcd72 MJ |
67 | if (!CMM_LOAD_SHARED(lttng_ust_getenv_is_init)) |
68 | abort(); | |
69 | ||
6f626d28 MD |
70 | for (i = 0; i < LTTNG_ARRAY_SIZE(lttng_env); i++) { |
71 | e = <tng_env[i]; | |
72 | ||
73 | if (strcmp(e->key, name) == 0) { | |
74 | found = true; | |
75 | break; | |
76 | } | |
77 | } | |
78 | if (!found) { | |
79 | return NULL; | |
80 | } | |
81 | return e->value; | |
82 | } | |
83 | ||
84 | void lttng_ust_getenv_init(void) | |
85 | { | |
86 | size_t i; | |
87 | ||
910dcd72 MJ |
88 | if (CMM_LOAD_SHARED(lttng_ust_getenv_is_init)) |
89 | return; | |
90 | ||
6f626d28 MD |
91 | for (i = 0; i < LTTNG_ARRAY_SIZE(lttng_env); i++) { |
92 | struct lttng_env *e = <tng_env[i]; | |
93 | ||
94 | if (e->secure == LTTNG_ENV_SECURE && lttng_is_setuid_setgid()) { | |
95 | ERR("Getting environment variable '%s' from setuid/setgid binary refused for security reasons.", | |
96 | e->key); | |
97 | continue; | |
98 | } | |
99 | e->value = getenv(e->key); | |
100 | } | |
910dcd72 | 101 | CMM_STORE_SHARED(lttng_ust_getenv_is_init, 1); |
6f626d28 | 102 | } |