authorCarsten Haitzler (Rasterman) <raster@rasterman.com>2013-12-01 11:48:49 +0900
committerCarsten Haitzler (Rasterman) <raster@rasterman.com>2013-12-01 12:06:08 +0900
commit126afd0fda493deec8398088e6e928b4d2e5f463 (patch)
tree406f70f8e6a860fec78b10738e05e72357d1bb9f
parent8cabf2708520539cf25ca0a876f9c044f6d56a77 (diff)
e_sys - address security concerns with environment - more
add more environment variables to nuke and add alternate environment nuke method to raise security level. Conflicts: src/bin/e_sys_main.c
-rw-r--r--configure.ac19
-rw-r--r--src/bin/e_sys_main.c113
2 files changed, 125 insertions, 7 deletions
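--- a/configure.ac
+++ b/configure.ac
@@ -75,7 +75,24 @@ EFL_CHECK_PATH_MAX
 AC_CHECK_FUNCS(setenv)
 AC_CHECK_FUNCS(unsetenv)
 AC_CHECK_FUNCS(clearenv)
-AC_CHECK_HEADERS([features.h])
+AC_CHECK_HEADERS(features.h)
+
+case "$host_os" in
+ darwin*)
+ AC_DEFINE([environ], [(*_NSGetEnviron())],
+ ["apple doesn't follow POSIX in this case."])
+ ;;
+ *)
+ ;;
+esac
+AC_TRY_COMPILE([
+#define _GNU_SOURCE 1
+#include <unistd.h>
+ ],[
+extern char **environ;
+ ],[
+AC_DEFINE(HAVE_ENVIRON, 1, [Have environ var])
+ ])
 
 efl_version="1.7.9"
 AC_SUBST(efl_version)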
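Review bot: The `AC_TRY_COMPILE` probe for `environ` can hardly fail, because its body is only the declaration `extern char **environ;` and a compile-only test never resolves the symbol, so `HAVE_ENVIRON` is likely defined on every host. A link test that reads the variable would actually probe for it, e.g. `AC_TRY_LINK([#include <unistd.h>], [extern char **environ; return environ == 0;], [AC_DEFINE(HAVE_ENVIRON, 1, [Have environ var])])`. e_sys_main.c relies on `HAVE_ENVIRON` to pick the `environ = NULL` fallback when `clearenv()` is missing, so a false positive there would surface as a link error rather than a skipped sanitisation step. On darwin the preceding `AC_DEFINE([environ], ...)` is presumably already in confdefs.h when this test runs, so the declaration is compiled after macro expansion, which is probably not what the probe intends.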
diff --git a/src/bin/e_sys_main.c b/src/bin/e_sys_main.c
index 16aa14a..da40590 100644
--- a/src/bin/e_sys_main.c
+++ b/src/bin/e_sys_main.c
@@ -8,6 +8,9 @@
8 8
9#include <stdio.h> 9#include <stdio.h>
10#include <stdlib.h> 10#include <stdlib.h>
11#ifdef HAVE_ENVIRON
12# define _GNU_SOURCE 1
13#endif
11#include <unistd.h> 14#include <unistd.h>
12#include <string.h> 15#include <string.h>
13#include <sys/types.h> 16#include <sys/types.h>
@@ -22,6 +25,10 @@
22#endif 25#endif
23#include <Eina.h> 26#include <Eina.h>
24 27
28#ifdef HAVE_ENVIRON
29extern char **environ;
30#endif
31
25/* local subsystem functions */ 32/* local subsystem functions */
26#ifdef HAVE_EEZE_MOUNT 33#ifdef HAVE_EEZE_MOUNT
27static Eina_Bool mountopts_check(const char *opts); 34static Eina_Bool mountopts_check(const char *opts);
@@ -147,17 +154,111 @@ main(int argc,
147 /* sanitize environment */ 154 /* sanitize environment */
148#ifdef HAVE_UNSETENV 155#ifdef HAVE_UNSETENV
149# define NOENV(x) unsetenv(x) 156# define NOENV(x) unsetenv(x)
150#else 157 /* pass 1 - just nuke known dangerous env vars brutally if possible via
151# define NOENV(x) 158 * unsetenv(). if you don't have unsetenv... there's pass 2 and 3 */
152#endif
153 NOENV("IFS"); 159 NOENV("IFS");
160 NOENV("CDPATH");
161 NOENV("LOCALDOMAIN");
162 NOENV("RES_OPTIONS");
163 NOENV("HOSTALIASES");
164 NOENV("NLSPATH");
165 NOENV("PATH_LOCALE");
166 NOENV("COLORTERM");
167 NOENV("LANG");
168 NOENV("LANGUAGE");
169 NOENV("LINGUAS");
170 NOENV("TERM");
154 NOENV("LD_PRELOAD"); 171 NOENV("LD_PRELOAD");
155 NOENV("PYTHONPATH");
156 NOENV("LD_LIBRARY_PATH"); 172 NOENV("LD_LIBRARY_PATH");
173 NOENV("SHLIB_PATH");
174 NOENV("LIBPATH");
175 NOENV("AUTHSTATE");
176 NOENV("DYLD_*");
177 NOENV("KRB_CONF*");
178 NOENV("KRBCONFDIR");
179 NOENV("KRBTKFILE");
180 NOENV("KRB5_CONFIG*");
181 NOENV("KRB5_KTNAME");
182 NOENV("VAR_ACE");
183 NOENV("USR_ACE");
184 NOENV("DLC_ACE");
185 NOENV("TERMINFO");
186 NOENV("TERMINFO_DIRS");
187 NOENV("TERMPATH");
188 NOENV("TERMCAP");
189 NOENV("ENV");
190 NOENV("BASH_ENV");
191 NOENV("PS4");
192 NOENV("GLOBIGNORE");
193 NOENV("SHELLOPTS");
194 NOENV("JAVA_TOOL_OPTIONS");
195 NOENV("PERLIO_DEBUG");
196 NOENV("PERLLIB");
197 NOENV("PERL5LIB");
198 NOENV("PERL5OPT");
199 NOENV("PERL5DB");
200 NOENV("FPATH");
201 NOENV("NULLCMD");
202 NOENV("READNULLCMD");
203 NOENV("ZDOTDIR");
204 NOENV("TMPPREFIX");
205 NOENV("PYTHONPATH");
206 NOENV("PYTHONHOME");
207 NOENV("PYTHONINSPECT");
208 NOENV("RUBYLIB");
209 NOENV("RUBYOPT");
210# ifdef HAVE_ENVIRON
211 if (environ)
212 {
213 int again;
214 char *tmp, *p;
215
216 /* go over environment array again and again... safely */
217 do
218 {
219 again = 0;
220
221 /* walk through and find first entry that we don't like */
222 for (i = 0; environ[i]; i++)
223 {
224 /* if it begins with any of these, it's possibly nasty */
225 if ((!strncmp(environ[i], "LD_", 3)) ||
226 (!strncmp(environ[i], "_RLD_", 5)) ||
227 (!strncmp(environ[i], "LC_", 3)) ||
228 (!strncmp(environ[i], "LDR_", 3)))
229 {
230 /* unset it */
231 tmp = strdup(environ[i]);
232 if (!tmp) abort();
233 p = strchr(tmp, '=');
234 if (!p) abort();
235 *p = 0;
236 NOENV(p);
237 free(tmp);
238 /* and mark our do to try again from the start in case
239 * unsetenv changes environ ptr */
240 again = 1;
241 break;
242 }
243 }
244 }
245 while (again);
246 }
247# endif
248#endif
249
250 /* pass 2 - clear entire environment so it doesn't exist at all. if you
251 * can't do this... you're possibly in trouble... but the worst is still
252 * fixed in pass 3 */
157#ifdef HAVE_CLEARENV 253#ifdef HAVE_CLEARENV
158 clearenv(); 254 clearenv();
255#else
256# ifdef HAVE_ENVIRON
257 environ = NULL;
258# endif
159#endif 259#endif
160 /* set path and ifs to minimal defaults */ 260
261 /* pass 3 - set path and ifs to minimal defaults */
161 putenv("PATH=/bin:/usr/bin"); 262 putenv("PATH=/bin:/usr/bin");
162 putenv("IFS= \t\n"); 263 putenv("IFS= \t\n");
163 264
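Review bot: In the prefix loop of the third hunk, `NOENV(p);` runs after `*p = 0;`, so `p` points at the terminator and the call is `unsetenv("")`. POSIX has that fail with EINVAL, so the entry stays in `environ`, and since `again` is set to 1 the `do … while (again)` loop never ends for any inherited `LD_*`, `LC_*` or `_RLD_*` variable that pass 1 did not name; the call should be `NOENV(tmp);`. Also `strncmp(environ[i], "LDR_", 3)` compares one byte short of the prefix (use 4), and `NOENV("DYLD_*")`, `NOENV("KRB_CONF*")` and `NOENV("KRB5_CONFIG*")` pass literal names because unsetenv does not glob, so those families belong in the prefix loop instead. In the first hunk `_GNU_SOURCE` is defined after `<stdio.h>` and `<stdlib.h>`, which is likely too late to take effect unless an earlier header already set it. main's body starts and ends outside the hunk.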