Browse Source

src: add linux getauxval(AT_SECURE) in SafeGetenv

This commit attempts to fix the following TODO:
// TODO(bnoordhuis) Should perhaps also check whether
getauxval(AT_SECURE) is non-zero on Linux.

This can be manually tested at the moment using the following steps:

$ setcap cap_net_raw+ep out/Release/node
$ NODE_PENDING_DEPRECATION="1" out/Release/node -p
"process.binding('config').pendingDeprecation"
true
$ useradd test
$ su test
$ NODE_PENDING_DEPRECATION="1" out/Release/node -p
"process.binding('config').pendingDeprecation"
undefined

PR-URL: https://github.com/nodejs/node/pull/12548
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
v6
Daniel Bevenius 8 years ago
parent
commit
6caf1b093a
  1. 8
      src/node.cc
  2. 25
      src/node_main.cc

8
src/node.cc

@ -230,6 +230,8 @@ bool config_expose_internals = false;
bool v8_initialized = false; bool v8_initialized = false;
bool linux_at_secure = false;
// process-relative uptime base, initialized at start-up // process-relative uptime base, initialized at start-up
static double prog_start_time; static double prog_start_time;
@ -965,13 +967,15 @@ Local<Value> UVException(Isolate* isolate,
// Look up environment variable unless running as setuid root. // Look up environment variable unless running as setuid root.
bool SafeGetenv(const char* key, std::string* text) { bool SafeGetenv(const char* key, std::string* text) {
#ifndef _WIN32 #ifndef _WIN32
// TODO(bnoordhuis) Should perhaps also check whether getauxval(AT_SECURE)
// is non-zero on Linux.
if (getuid() != geteuid() || getgid() != getegid()) { if (getuid() != geteuid() || getgid() != getegid()) {
text->clear(); text->clear();
return false; return false;
} }
#endif #endif
if (linux_at_secure) {
text->clear();
return false;
}
if (const char* value = getenv(key)) { if (const char* value = getenv(key)) {
*text = value; *text = value;
return true; return true;

25
src/node_main.cc

@ -71,7 +71,32 @@ int wmain(int argc, wchar_t *wargv[]) {
} }
#else #else
// UNIX // UNIX
#ifdef __linux__
#include <elf.h>
#ifdef __LP64__
#define Elf_auxv_t Elf64_auxv_t
#else
#define Elf_auxv_t Elf32_auxv_t
#endif // __LP64__
extern char** environ;
#endif // __linux__
namespace node {
extern bool linux_at_secure;
} // namespace node
int main(int argc, char *argv[]) { int main(int argc, char *argv[]) {
#if defined(__linux__)
char** envp = environ;
while (*envp++ != nullptr) {}
Elf_auxv_t* auxv = reinterpret_cast<Elf_auxv_t*>(envp);
for (; auxv->a_type != AT_NULL; auxv++) {
if (auxv->a_type == AT_SECURE) {
node::linux_at_secure = auxv->a_un.a_val;
break;
}
}
#endif
// Disable stdio buffering, it interacts poorly with printf() // Disable stdio buffering, it interacts poorly with printf()
// calls elsewhere in the program (e.g., any logging from V8.) // calls elsewhere in the program (e.g., any logging from V8.)
setvbuf(stdout, nullptr, _IONBF, 0); setvbuf(stdout, nullptr, _IONBF, 0);

Loading…
Cancel
Save