From e0fdb6943066032db294720915c3bd644bf2bcd1 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sun, 4 Aug 2013 09:56:56 -0700 Subject: Fix some minor races in hosts lacking mkostemp. Gnulib's emulation of mkostemp doesn't have races that Emacs's does. * configure.ac (mkostemp): Remove check for this function; gnulib does the check now. (mkstemp): Remove check for this no-longer-used function. * lib/mkostemp.c, lib/secure_getenv.c, lib/tempname.c, lib/tempname.h: * m4/mkostemp.m4, m4/secure_getenv.m4, m4/tempname.m4: New files, copied from Gnulib. * lib/gnulib.mk, m4/gnulib-comp.m4: Regenerate. * admin/merge-gnulib (GNULIB_MODULES): Add mkostemp. * lib-src/movemail.c (main): * lib-src/update-game-score.c (write_scores): Use mkostemp (which now works on all platforms, due to changes in the portability layer) rather than mktemp (which has a race) or mkstemp (which we no longer bother with). * src/callproc.c (create_temp_file): * src/filelock.c (create_lock_file): Assume mkostemp, since it's now provided by Gnulib. Fixes: debbugs:15015 --- lib/secure_getenv.c | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 lib/secure_getenv.c (limited to 'lib/secure_getenv.c') diff --git a/lib/secure_getenv.c b/lib/secure_getenv.c new file mode 100644 index 00000000000..6c11c5e0edb --- /dev/null +++ b/lib/secure_getenv.c @@ -0,0 +1,41 @@ +/* Look up an environment variable more securely. + + Copyright 2013 Free Software Foundation, Inc. + + This program is free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#include + +#include + +#if !HAVE___SECURE_GETENV +# if HAVE_ISSETUGID +# include +# else +# undef issetugid +# define issetugid() 1 +# endif +#endif + +char * +secure_getenv (char const *name) +{ +#if HAVE___SECURE_GETENV + return __secure_getenv (name); +#else + if (issetugid ()) + return 0; + return getenv (name); +#endif +} -- cgit v1.2.3