hardening: Use __secure_getenv if available

This helps us in the case where we were executed via filesystem
capabilities or a SELinux domain transition, not necessarily a plain
old setuid binary.

https://bugs.freedesktop.org/show_bug.cgi?id=52202

2 files changed, 7 insertions, 1 deletions

diff --git a/configure.ac b/configure.ac
index b0f2ec20..4fdf82bc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -595,7 +595,7 @@ AC_DEFINE_UNQUOTED([DBUS_USE_SYNC], [$have_sync], [Use the gcc __sync extension]
 AC_SEARCH_LIBS(socket,[socket network])
 AC_CHECK_FUNC(gethostbyname,,[AC_CHECK_LIB(nsl,gethostbyname)])
 
-AC_CHECK_FUNCS(vsnprintf vasprintf nanosleep usleep setenv clearenv unsetenv socketpair getgrouplist fpathconf setrlimit poll setlocale localeconv strtoll strtoull issetugid getresuid)
+AC_CHECK_FUNCS(vsnprintf vasprintf nanosleep usleep setenv clearenv unsetenv socketpair getgrouplist fpathconf setrlimit poll setlocale localeconv strtoll strtoull issetugid getresuid secure_getenv __secure_getenv )
 
 AC_CHECK_HEADERS([syslog.h])
 if test "x$ac_cv_header_syslog_h" = "xyes"; then
diff --git a/dbus/dbus-sysdeps.c b/dbus/dbus-sysdeps.c
index 04fb8d76..976c7e4b 100644
--- a/dbus/dbus-sysdeps.c
+++ b/dbus/dbus-sysdeps.c
@@ -182,12 +182,18 @@ _dbus_setenv (const char *varname,
 const char*
 _dbus_getenv (const char *varname)
 {  
+#if defined(HAVE_SECURE_GETENV)
+  return secure_getenv (varname);
+#elif defined(HAVE___SECURE_GETENV)
+  return __secure_getenv (varname);
+#else
   /* Don't respect any environment variables if the current process is
    * setuid.  This is the equivalent of glibc's __secure_getenv().
    */
   if (_dbus_check_setuid ())
     return NULL;
   return getenv (varname);
+#endif
 }
 
 /**