According to the glibc manual, secure_getenv() is safer than getenv() because it returns a null pointer when the environment is untrusted, for example when the program runs with the SUID or SGID bit set. Moreover, libraries should use secure_getenv(). (http://www.gnu.org/software/libc/manual/html_node/Environment-Access.html)
Signed-off-by: Sangjung Woo <sangjung....@samsung.com>
---
 src/libsystemd/sd-daemon/sd-daemon.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/libsystemd/sd-daemon/sd-daemon.c b/src/libsystemd/sd-daemon/sd-daemon.c
index 028c2a7..86e6aed 100644
--- a/src/libsystemd/sd-daemon/sd-daemon.c
+++ b/src/libsystemd/sd-daemon/sd-daemon.c
@@ -46,7 +46,7 @@ _public_ int sd_listen_fds(int unset_environment) {
 int r, fd;
 pid_t pid;
- e = getenv("LISTEN_PID");
+ e = secure_getenv("LISTEN_PID");
 if (!e) {
 r = 0;
 goto finish;
@@ -62,7 +62,7 @@ _public_ int sd_listen_fds(int unset_environment) {
 goto finish;
 }
- e = getenv("LISTEN_FDS");
+ e = secure_getenv("LISTEN_FDS");
 if (!e) {
 r = 0;
 goto finish;
@@ -374,7 +374,7 @@ _public_ int sd_pid_notify_with_fds(pid_t pid, int unset_environment, const char
 goto finish;
 }
- e = getenv("NOTIFY_SOCKET");
+ e = secure_getenv("NOTIFY_SOCKET");
 if (!e)
 return 0;
@@ -525,7 +525,7 @@ _public_ int sd_watchdog_enabled(int unset_environment, uint64_t *usec) {
 uint64_t u;
 int r = 0;
- s = getenv("WATCHDOG_USEC");
+ s = secure_getenv("WATCHDOG_USEC");
 if (!s)
 goto finish;
@@ -537,7 +537,7 @@ _public_ int sd_watchdog_enabled(int unset_environment, uint64_t *usec) {
 goto finish;
 }
- p = getenv("WATCHDOG_PID");
+ p = secure_getenv("WATCHDOG_PID");
 if (p) {
 pid_t pid;
--
1.7.9.5
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
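Review bot: After `e = secure_getenv("LISTEN_PID");` a NULL result no longer means only "variable not set", so the `if (!e) { r = 0; goto finish; }` branch now reports zero passed descriptors for a set-user-ID or set-group-ID program even when the service manager did pass some. The same holds for the `LISTEN_FDS` lookup in the next hunk and for the `WATCHDOG_USEC` and `WATCHDOG_PID` lookups further down, where the watchdog would be reported as disabled. The caller cannot tell "not activated" from "environment ignored", and any inherited descriptors presumably stay open but unreported. I would record this at the first call with a comment such as `/* secure_getenv() yields NULL in secure-execution mode; activation data is then deliberately ignored and 0 is returned */` and state it in the function's documentation. The body of sd_listen_fds starts and ends outside the hunk.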
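Review bot: The `if (!e) return 0;` after `secure_getenv("NOTIFY_SOCKET")` leaves the function without going through `finish`, unlike the error path just above it, and this change makes that matter. Previously NULL meant the variable was absent; now it can also mean the variable is present but ignored in secure-execution mode. If `finish` is where `unset_environment` is honoured (not visible in this hunk), a caller that asked for the variable to be unset would still pass `NOTIFY_SOCKET` on to its children. Routing the case through the common exit, for example `if (!e) { r = 0; goto finish; }` (assuming the result variable is `r` as in sd_listen_fds), keeps the unset request effective. The function body starts and ends outside the hunk.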
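Review bot: `secure_getenv()` at the `WATCHDOG_USEC` lookup, and at the other four call sites in this patch, is a GNU extension rather than a standard C or POSIX function, and the diff changes only the call sites. It needs `_GNU_SOURCE` in effect before `<stdlib.h>` is included and is available only from glibc 2.17 on; older glibc releases expose it as `__secure_getenv()`. Unless the build already provides a feature check and fallback somewhere not shown here, I would add one so that sd-daemon.c keeps building against older or non-glibc C libraries. sd_watchdog_enabled continues outside the hunk.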