diff options
| author | Daniel Bevenius <daniel.bevenius@gmail.com> | 2017-04-20 21:08:53 +0300 |
|---|---|---|
| committer | Daniel Bevenius <daniel.bevenius@gmail.com> | 2017-05-25 20:05:14 +0300 |
| commit | 6caf1b093ab0176b8ded68a53ab1ab72259bb1e0 (patch) | |
| tree | 26078501535acdc0c74efb7a5c20eee4b825fb19 | |
| parent | 1cde37576392f16c8652cde62804c248c77f70fb (diff) | |
src: add linux getauxval(AT_SECURE) in SafeGetenv
This commit attempts to fix the following TODO:
// TODO(bnoordhuis) Should perhaps also check whether
getauxval(AT_SECURE) is non-zero on Linux.
This can be manually tested at the moment using the following steps:
$ setcap cap_net_raw+ep out/Release/node
$ NODE_PENDING_DEPRECATION="1" out/Release/node -p
"process.binding('config').pendingDeprecation"
true
$ useradd test
$ su test
$ NODE_PENDING_DEPRECATION="1" out/Release/node -p
"process.binding('config').pendingDeprecation"
undefined
PR-URL: https://github.com/nodejs/node/pull/12548
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
| -rw-r--r-- | src/node.cc | 8 | ||||
| -rw-r--r-- | src/node_main.cc | 25 |
2 files changed, 31 insertions, 2 deletions
diff --git a/src/node.cc b/src/node.cc index 85b4b1264a5..c3a78b30153 100644 --- a/src/node.cc +++ b/src/node.cc @@ -230,6 +230,8 @@ bool config_expose_internals = false; bool v8_initialized = false; +bool linux_at_secure = false; + // process-relative uptime base, initialized at start-up static double prog_start_time; @@ -965,13 +967,15 @@ Local<Value> UVException(Isolate* isolate, // Look up environment variable unless running as setuid root. bool SafeGetenv(const char* key, std::string* text) { #ifndef _WIN32 - // TODO(bnoordhuis) Should perhaps also check whether getauxval(AT_SECURE) - // is non-zero on Linux. if (getuid() != geteuid() || getgid() != getegid()) { text->clear(); return false; } #endif + if (linux_at_secure) { + text->clear(); + return false; + } if (const char* value = getenv(key)) { *text = value; return true; diff --git a/src/node_main.cc b/src/node_main.cc index 3194eb78cab..7d6d9b1a01b 100644 --- a/src/node_main.cc +++ b/src/node_main.cc @@ -71,7 +71,32 @@ int wmain(int argc, wchar_t *wargv[]) { } #else // UNIX +#ifdef __linux__ +#include <elf.h> +#ifdef __LP64__ +#define Elf_auxv_t Elf64_auxv_t +#else +#define Elf_auxv_t Elf32_auxv_t +#endif // __LP64__ +extern char** environ; +#endif // __linux__ + +namespace node { + extern bool linux_at_secure; +} // namespace node + int main(int argc, char *argv[]) { +#if defined(__linux__) + char** envp = environ; + while (*envp++ != nullptr) {} + Elf_auxv_t* auxv = reinterpret_cast<Elf_auxv_t*>(envp); + for (; auxv->a_type != AT_NULL; auxv++) { + if (auxv->a_type == AT_SECURE) { + node::linux_at_secure = auxv->a_un.a_val; + break; + } + } +#endif // Disable stdio buffering, it interacts poorly with printf() // calls elsewhere in the program (e.g., any logging from V8.) setvbuf(stdout, nullptr, _IONBF, 0); |