libchrome/sandbox/linux/suid/common/suid_unsafe_environment_variables.h - nest-cam/4320010/libchrome - Git at Google

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 // This is a list of environment variables which the ELF loader unsets when
 // loading a SUID binary. Because they are unset rather than just ignored, they
 // aren't passed to child processes of SUID processes either.
 //
 // We need to save these environment variables before running a SUID sandbox
 // and restore them before running child processes (but after dropping root).
 //
 // List gathered from glibc sources (00ebd7ed58df389a78e41dece058048725cb585e):
 //   sysdeps/unix/sysv/linux/i386/dl-librecon.h
 //   sysdeps/generic/unsecvars.h

 #ifndef SANDBOX_LINUX_SUID_COMMON_SUID_UNSAFE_ENVIRONMENT_VARIABLES_H_
 #define SANDBOX_LINUX_SUID_COMMON_SUID_UNSAFE_ENVIRONMENT_VARIABLES_H_

 #include <stddef.h>
 #include <stdint.h>
 #include <stdlib.h>  // malloc
 #include <string.h>  // memcpy

 static const char* const kSUIDUnsafeEnvironmentVariables[] = {
   "LD_AOUT_LIBRARY_PATH",
   "LD_AOUT_PRELOAD",
   "GCONV_PATH",
   "GETCONF_DIR",
   "HOSTALIASES",
   "LD_AUDIT",
   "LD_DEBUG",
   "LD_DEBUG_OUTPUT",
   "LD_DYNAMIC_WEAK",
   "LD_LIBRARY_PATH",
   "LD_ORIGIN_PATH",
   "LD_PRELOAD",
   "LD_PROFILE",
   "LD_SHOW_AUXV",
   "LD_USE_LOAD_BIAS",
   "LOCALDOMAIN",
   "LOCPATH",
   "MALLOC_TRACE",
   "NIS_PATH",
   "NLSPATH",
   "RESOLV_HOST_CONF",
   "RES_OPTIONS",
   "TMPDIR",
   "TZDIR",
   NULL,
 };

 // Return a malloc allocated string containing the 'saved' environment variable
 // name for a given environment variable.
 static inline char* SandboxSavedEnvironmentVariable(const char* envvar) {
   const size_t envvar_len = strlen(envvar);
   const size_t kMaxSizeT = (size_t) -1;

   if (envvar_len > kMaxSizeT - 1 - 8)
     return NULL;

   const size_t saved_envvarlen = envvar_len + 1 /* NUL terminator */ +
                                               8 /* strlen("SANDBOX_") */;
   char* const saved_envvar = (char*) malloc(saved_envvarlen);
   if (!saved_envvar)
     return NULL;

   memcpy(saved_envvar, "SANDBOX_", 8);
   memcpy(saved_envvar + 8, envvar, envvar_len);
   saved_envvar[8 + envvar_len] = 0;

   return saved_envvar;
 }

 #endif  // SANDBOX_LINUX_SUID_COMMON_SUID_UNSAFE_ENVIRONMENT_VARIABLES_H_
	// Copyright (c) 2012 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	// This is a list of environment variables which the ELF loader unsets when
	// loading a SUID binary. Because they are unset rather than just ignored, they
	// aren't passed to child processes of SUID processes either.
	//
	// We need to save these environment variables before running a SUID sandbox
	// and restore them before running child processes (but after dropping root).
	//
	// List gathered from glibc sources (00ebd7ed58df389a78e41dece058048725cb585e):
	// sysdeps/unix/sysv/linux/i386/dl-librecon.h
	// sysdeps/generic/unsecvars.h

	#ifndef SANDBOX_LINUX_SUID_COMMON_SUID_UNSAFE_ENVIRONMENT_VARIABLES_H_
	#define SANDBOX_LINUX_SUID_COMMON_SUID_UNSAFE_ENVIRONMENT_VARIABLES_H_

	#include <stddef.h>
	#include <stdint.h>
	#include <stdlib.h> // malloc
	#include <string.h> // memcpy

	static const char* const kSUIDUnsafeEnvironmentVariables[] = {
	"LD_AOUT_LIBRARY_PATH",
	"LD_AOUT_PRELOAD",
	"GCONV_PATH",
	"GETCONF_DIR",
	"HOSTALIASES",
	"LD_AUDIT",
	"LD_DEBUG",
	"LD_DEBUG_OUTPUT",
	"LD_DYNAMIC_WEAK",
	"LD_LIBRARY_PATH",
	"LD_ORIGIN_PATH",
	"LD_PRELOAD",
	"LD_PROFILE",
	"LD_SHOW_AUXV",
	"LD_USE_LOAD_BIAS",
	"LOCALDOMAIN",
	"LOCPATH",
	"MALLOC_TRACE",
	"NIS_PATH",
	"NLSPATH",
	"RESOLV_HOST_CONF",
	"RES_OPTIONS",
	"TMPDIR",
	"TZDIR",
	NULL,
	};

	// Return a malloc allocated string containing the 'saved' environment variable
	// name for a given environment variable.
	static inline char* SandboxSavedEnvironmentVariable(const char* envvar) {
	const size_t envvar_len = strlen(envvar);
	const size_t kMaxSizeT = (size_t) -1;

	if (envvar_len > kMaxSizeT - 1 - 8)
	return NULL;

	const size_t saved_envvarlen = envvar_len + 1 /* NUL terminator */ +
	8 /* strlen("SANDBOX_") */;
	char* const saved_envvar = (char*) malloc(saved_envvarlen);
	if (!saved_envvar)
	return NULL;

	memcpy(saved_envvar, "SANDBOX_", 8);
	memcpy(saved_envvar + 8, envvar, envvar_len);
	saved_envvar[8 + envvar_len] = 0;

	return saved_envvar;
	}

	#endif // SANDBOX_LINUX_SUID_COMMON_SUID_UNSAFE_ENVIRONMENT_VARIABLES_H_