mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 01:57:43 +00:00
Code Issues Releases Wiki Activity

libapparmor: do not honor $LIBAPPARMOR_DEBUG when secure_getenv is undefined

Browse Source 
The `secure_getenv` function is a non-POSIX compliant extension of
glibc. In contrast to the POSIX `getenv`, `secure_getenv` will return
`NULL` for all environment variables when the program is run with
escalated privileges due to an SUID or SGID bit. Some strictly
POSIX-compliant libc libraries, most notably musl libc, do not have this
function and do not wish to implement it. Thus, AppArmor cannot be
compiled on such systems.

In libapparmor, `secure_getenv` is only used to determine whether the
environment variable DEBUG_ENV_VAR has been set to enable debugging. In
case an unprivileged user runs a SUID/SGID executable linked against
libapparmor, we do not want that user to be able to get additional
information via debug output.

The fix here is to produce an error only in case where debug output is
enabled by defining ENABLE_DEBUG_OUTPUT. Otherwise, we simply define
`secure_getenv` to `NULL` to completely disable the debug output.

Signed-off-by: Patrick Steinhardt <ps@pks.im>
This commit is contained in:
Patrick Steinhardt 2018-04-26 14:52:17 +01:00 committed by Steve Beattie
parent 1506f2cf0e
commit 778176b9d8
No known key found for this signature in database
GPG Key ID: 2F099E8D005E81F4
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libraries/libapparmor/src/private.c
View File

@ -38,8 +38,10 @@
#ifndef HAVE_SECURE_GETENV
#ifdef HAVE___SECURE_GETENV
#define secure_getenv __secure_getenv
#elif ENABLE_DEBUG_OUTPUT
#error Debug output is not possible without a secure_getenv() implementation.
#else
#error neither secure_getenv nor __secure_getenv is available
#define secure_getenv(env) NULL
#endif
#endif