src: add linux getauxval(AT_SECURE) in SafeGetenv
This commit attempts to fix the following TODO: // TODO(bnoordhuis) Should perhaps also check whether getauxval(AT_SECURE) is non-zero on Linux. This can be manually tested at the moment using the following steps: $ setcap cap_net_raw+ep out/Release/node $ NODE_PENDING_DEPRECATION="1" out/Release/node -p "process.binding('config').pendingDeprecation" true $ useradd test $ su test $ NODE_PENDING_DEPRECATION="1" out/Release/node -p "process.binding('config').pendingDeprecation" undefined PR-URL: https://github.com/nodejs/node/pull/12548 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This commit is contained in:
parent
1cde375763
commit
6caf1b093a
@ -230,6 +230,8 @@ bool config_expose_internals = false;
|
||||
|
||||
bool v8_initialized = false;
|
||||
|
||||
bool linux_at_secure = false;
|
||||
|
||||
// process-relative uptime base, initialized at start-up
|
||||
static double prog_start_time;
|
||||
|
||||
@ -965,13 +967,15 @@ Local<Value> UVException(Isolate* isolate,
|
||||
// Look up environment variable unless running as setuid root.
|
||||
bool SafeGetenv(const char* key, std::string* text) {
|
||||
#ifndef _WIN32
|
||||
// TODO(bnoordhuis) Should perhaps also check whether getauxval(AT_SECURE)
|
||||
// is non-zero on Linux.
|
||||
if (getuid() != geteuid() || getgid() != getegid()) {
|
||||
text->clear();
|
||||
return false;
|
||||
}
|
||||
#endif
|
||||
if (linux_at_secure) {
|
||||
text->clear();
|
||||
return false;
|
||||
}
|
||||
if (const char* value = getenv(key)) {
|
||||
*text = value;
|
||||
return true;
|
||||
|
@ -71,7 +71,32 @@ int wmain(int argc, wchar_t *wargv[]) {
|
||||
}
|
||||
#else
|
||||
// UNIX
|
||||
#ifdef __linux__
|
||||
#include <elf.h>
|
||||
#ifdef __LP64__
|
||||
#define Elf_auxv_t Elf64_auxv_t
|
||||
#else
|
||||
#define Elf_auxv_t Elf32_auxv_t
|
||||
#endif // __LP64__
|
||||
extern char** environ;
|
||||
#endif // __linux__
|
||||
|
||||
namespace node {
|
||||
extern bool linux_at_secure;
|
||||
} // namespace node
|
||||
|
||||
int main(int argc, char *argv[]) {
|
||||
#if defined(__linux__)
|
||||
char** envp = environ;
|
||||
while (*envp++ != nullptr) {}
|
||||
Elf_auxv_t* auxv = reinterpret_cast<Elf_auxv_t*>(envp);
|
||||
for (; auxv->a_type != AT_NULL; auxv++) {
|
||||
if (auxv->a_type == AT_SECURE) {
|
||||
node::linux_at_secure = auxv->a_un.a_val;
|
||||
break;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
// Disable stdio buffering, it interacts poorly with printf()
|
||||
// calls elsewhere in the program (e.g., any logging from V8.)
|
||||
setvbuf(stdout, nullptr, _IONBF, 0);
|
||||
|
Loading…
x
Reference in New Issue
Block a user