authorCarsten Haitzler (Rasterman) <raster@rasterman.com>2013-12-01 11:48:49 +0900
committerCarsten Haitzler (Rasterman) <raster@rasterman.com>2013-12-01 11:50:51 +0900
commit666df815cd86a50343859bce36c5cf968c5f38b0 (patch)
tree5104b4427b2818469d6db91e9597772b4b2b3fc9
parentfc9e8865cfb17a556a8a7efd1983ba211c16e545 (diff)
e_sys - address security concerns with environment - more
add more environment variables to nuke and add alternate environment nuke method to raise security level.
-rw-r--r--configure.ac19
-rw-r--r--src/bin/e_sys_main.c113
2 files changed, 125 insertions, 7 deletions
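--- a/configure.ac
+++ b/configure.ac
@@ -74,7 +74,24 @@ EFL_CHECK_PATH_MAX
 AC_CHECK_FUNCS(setenv)
 AC_CHECK_FUNCS(unsetenv)
 AC_CHECK_FUNCS(clearenv)
-AC_CHECK_HEADERS([features.h])
+AC_CHECK_HEADERS(features.h)
+
+case "$host_os" in
+ darwin*)
+ AC_DEFINE([environ], [(*_NSGetEnviron())],
+ ["apple doesn't follow POSIX in this case."])
+ ;;
+ *)
+ ;;
+esac
+AC_TRY_COMPILE([
+#define _GNU_SOURCE 1
+#include <unistd.h>
+ ],[
+extern char **environ;
+ ],[
+AC_DEFINE(HAVE_ENVIRON, 1, [Have environ var])
+ ])
 
 efl_version="1.8.0"
 AC_SUBST(efl_version)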
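Review bot: The `AC_TRY_COMPILE` probe for `environ` can hardly fail, because its body is only the declaration `extern char **environ;`, which compiles whether or not the symbol exists. `HAVE_ENVIRON` gates the prefix scrub and the `environ = NULL` fallback in e_sys_main.c, so a host without the symbol would break at link time instead of taking the guarded path. A link test whose body actually reads the variable, for example `AC_LINK_IFELSE` with a body of `return environ == 0;`, would make the result meaningful. `AC_TRY_COMPILE` is also an obsolete macro. The third `AC_DEFINE` argument on darwin carries literal double quotes inside the brackets, which will show up in the generated header comment.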
diff --git a/src/bin/e_sys_main.c b/src/bin/e_sys_main.c
index e833dac8e..cd3fcaeee 100644
--- a/src/bin/e_sys_main.c
+++ b/src/bin/e_sys_main.c
@@ -8,6 +8,9 @@
8 8
9#include <stdio.h> 9#include <stdio.h>
10#include <stdlib.h> 10#include <stdlib.h>
11#ifdef HAVE_ENVIRON
12# define _GNU_SOURCE 1
13#endif
11#include <unistd.h> 14#include <unistd.h>
12#include <string.h> 15#include <string.h>
13#include <sys/types.h> 16#include <sys/types.h>
@@ -22,6 +25,10 @@
22#endif 25#endif
23#include <Eina.h> 26#include <Eina.h>
24 27
28#ifdef HAVE_ENVIRON
29extern char **environ;
30#endif
31
25double e_sys_l2ping(const char *bluetooth_mac); 32double e_sys_l2ping(const char *bluetooth_mac);
26 33
27/* local subsystem functions */ 34/* local subsystem functions */
@@ -166,17 +173,111 @@ main(int argc,
166 /* sanitize environment */ 173 /* sanitize environment */
167#ifdef HAVE_UNSETENV 174#ifdef HAVE_UNSETENV
168# define NOENV(x) unsetenv(x) 175# define NOENV(x) unsetenv(x)
169#else 176 /* pass 1 - just nuke known dangerous env vars brutally if possible via
170# define NOENV(x) 177 * unsetenv(). if you don't have unsetenv... there's pass 2 and 3 */
171#endif
172 NOENV("IFS"); 178 NOENV("IFS");
179 NOENV("CDPATH");
180 NOENV("LOCALDOMAIN");
181 NOENV("RES_OPTIONS");
182 NOENV("HOSTALIASES");
183 NOENV("NLSPATH");
184 NOENV("PATH_LOCALE");
185 NOENV("COLORTERM");
186 NOENV("LANG");
187 NOENV("LANGUAGE");
188 NOENV("LINGUAS");
189 NOENV("TERM");
173 NOENV("LD_PRELOAD"); 190 NOENV("LD_PRELOAD");
174 NOENV("PYTHONPATH");
175 NOENV("LD_LIBRARY_PATH"); 191 NOENV("LD_LIBRARY_PATH");
192 NOENV("SHLIB_PATH");
193 NOENV("LIBPATH");
194 NOENV("AUTHSTATE");
195 NOENV("DYLD_*");
196 NOENV("KRB_CONF*");
197 NOENV("KRBCONFDIR");
198 NOENV("KRBTKFILE");
199 NOENV("KRB5_CONFIG*");
200 NOENV("KRB5_KTNAME");
201 NOENV("VAR_ACE");
202 NOENV("USR_ACE");
203 NOENV("DLC_ACE");
204 NOENV("TERMINFO");
205 NOENV("TERMINFO_DIRS");
206 NOENV("TERMPATH");
207 NOENV("TERMCAP");
208 NOENV("ENV");
209 NOENV("BASH_ENV");
210 NOENV("PS4");
211 NOENV("GLOBIGNORE");
212 NOENV("SHELLOPTS");
213 NOENV("JAVA_TOOL_OPTIONS");
214 NOENV("PERLIO_DEBUG");
215 NOENV("PERLLIB");
216 NOENV("PERL5LIB");
217 NOENV("PERL5OPT");
218 NOENV("PERL5DB");
219 NOENV("FPATH");
220 NOENV("NULLCMD");
221 NOENV("READNULLCMD");
222 NOENV("ZDOTDIR");
223 NOENV("TMPPREFIX");
224 NOENV("PYTHONPATH");
225 NOENV("PYTHONHOME");
226 NOENV("PYTHONINSPECT");
227 NOENV("RUBYLIB");
228 NOENV("RUBYOPT");
229# ifdef HAVE_ENVIRON
230 if (environ)
231 {
232 int again;
233 char *tmp, *p;
234
235 /* go over environment array again and again... safely */
236 do
237 {
238 again = 0;
239
240 /* walk through and find first entry that we don't like */
241 for (i = 0; environ[i]; i++)
242 {
243 /* if it begins with any of these, it's possibly nasty */
244 if ((!strncmp(environ[i], "LD_", 3)) ||
245 (!strncmp(environ[i], "_RLD_", 5)) ||
246 (!strncmp(environ[i], "LC_", 3)) ||
247 (!strncmp(environ[i], "LDR_", 3)))
248 {
249 /* unset it */
250 tmp = strdup(environ[i]);
251 if (!tmp) abort();
252 p = strchr(tmp, '=');
253 if (!p) abort();
254 *p = 0;
255 NOENV(p);
256 free(tmp);
257 /* and mark our do to try again from the start in case
258 * unsetenv changes environ ptr */
259 again = 1;
260 break;
261 }
262 }
263 }
264 while (again);
265 }
266# endif
267#endif
268
269 /* pass 2 - clear entire environment so it doesn't exist at all. if you
270 * can't do this... you're possibly in trouble... but the worst is still
271 * fixed in pass 3 */
176#ifdef HAVE_CLEARENV 272#ifdef HAVE_CLEARENV
177 clearenv(); 273 clearenv();
274#else
275# ifdef HAVE_ENVIRON
276 environ = NULL;
277# endif
178#endif 278#endif
179 /* set path and ifs to minimal defaults */ 279
280 /* pass 3 - set path and ifs to minimal defaults */
180 putenv("PATH=/bin:/usr/bin"); 281 putenv("PATH=/bin:/usr/bin");
181 putenv("IFS= \t\n"); 282 putenv("IFS= \t\n");
182 283
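Review bot: In the prefix scrub loop (new line 255) `NOENV(p);` passes the wrong pointer: after `*p = 0`, `p` points at the terminator, so `unsetenv("")` is called, which fails and removes nothing. Because `again = 1` is set regardless, the `do … while (again)` loop rescans and finds the same entry again, so it would never terminate once a matching variable such as `LC_ALL` is present. The call should be `NOENV(tmp);`, ideally setting `again` only when the call returned 0. Separately, `strncmp(environ[i], "LDR_", 3)` compares three characters against a four-character prefix, and `NOENV("DYLD_*")`, `NOENV("KRB_CONF*")` and `NOENV("KRB5_CONFIG*")` are treated as literal names since `unsetenv()` does not glob, so those prefixes belong in the `strncmp` list if they are meant to match. The body of `main` starts before and continues after this hunk.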