apparmor

mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00

History

Patrick Steinhardt 778176b9d8 libapparmor: do not honor $LIBAPPARMOR_DEBUG when `secure_getenv` is undefined The `secure_getenv` function is a non-POSIX compliant extension of glibc. In contrast to the POSIX `getenv`, `secure_getenv` will return `NULL` for all environment variables when the program is run with escalated privileges due to an SUID or SGID bit. Some strictly POSIX-compliant libc libraries, most notably musl libc, do not have this function and do not wish to implement it. Thus, AppArmor cannot be compiled on such systems. In libapparmor, `secure_getenv` is only used to determine whether the environment variable DEBUG_ENV_VAR has been set to enable debugging. In case an unprivileged user runs a SUID/SGID executable linked against libapparmor, we do not want that user to be able to get additional information via debug output. The fix here is to produce an error only in case where debug output is enabled by defining ENABLE_DEBUG_OUTPUT. Otherwise, we simply define `secure_getenv` to `NULL` to completely disable the debug output. Signed-off-by: Patrick Steinhardt <ps@pks.im>	2018-05-09 13:15:42 -07:00
..
libapparmor	libapparmor: do not honor $LIBAPPARMOR_DEBUG when `secure_getenv` is undefined	2018-05-09 13:15:42 -07:00

Patrick Steinhardt 778176b9d8

libapparmor: do not honor $LIBAPPARMOR_DEBUG when secure_getenv is undefined

The `secure_getenv` function is a non-POSIX compliant extension of
glibc. In contrast to the POSIX `getenv`, `secure_getenv` will return
`NULL` for all environment variables when the program is run with
escalated privileges due to an SUID or SGID bit. Some strictly
POSIX-compliant libc libraries, most notably musl libc, do not have this
function and do not wish to implement it. Thus, AppArmor cannot be
compiled on such systems.

In libapparmor, `secure_getenv` is only used to determine whether the
environment variable DEBUG_ENV_VAR has been set to enable debugging. In
case an unprivileged user runs a SUID/SGID executable linked against
libapparmor, we do not want that user to be able to get additional
information via debug output.

The fix here is to produce an error only in case where debug output is
enabled by defining ENABLE_DEBUG_OUTPUT. Otherwise, we simply define
`secure_getenv` to `NULL` to completely disable the debug output.

Signed-off-by: Patrick Steinhardt <ps@pks.im>

2018-05-09 13:15:42 -07:00

libapparmor libapparmor: do not honor $LIBAPPARMOR_DEBUG when secure_getenv is undefined 2018-05-09 13:15:42 -07:00