diff options
| author | Qi Wang <interwq@gwu.edu> | 2022-11-02 16:09:06 -0700 |
|---|---|---|
| committer | Qi Wang <interwq@gmail.com> | 2022-11-04 13:37:14 -0700 |
| commit | 481bbfc9906e7744716677edd49d0d6c22556a1a (patch) | |
| tree | bb172f174ca3e1822790d22d4ac704bef3c64aa8 | |
| parent | 143e9c4a2f4eb8916e9802323485fd91260fd17c (diff) | |
| download | jemalloc-481bbfc9906e7744716677edd49d0d6c22556a1a.tar.gz | |
Add a configure option --enable-force-getenv.
Allows the use of getenv() rather than secure_getenv() to read MALLOC_CONF.
This helps in situations where hosts are under full control, and setting
MALLOC_CONF is needed while also setuid. Disabled by default.
| -rw-r--r-- | configure.ac | 16 | ||||
| -rw-r--r-- | include/jemalloc/internal/jemalloc_internal_defs.h.in | 6 | ||||
| -rw-r--r-- | src/jemalloc.c | 16 |
3 files changed, 32 insertions, 6 deletions
diff --git a/configure.ac b/configure.ac index 64c0c847..846a049c 100644 --- a/configure.ac +++ b/configure.ac @@ -1571,6 +1571,22 @@ if test "x$enable_readlinkat" = "x1" ; then fi AC_SUBST([enable_readlinkat]) +dnl Do not force getenv by default +AC_ARG_ENABLE([force-getenv], + [AS_HELP_STRING([--enable-force-getenv], [Use getenv over secure_getenv])], +[if test "x$enable_force_getenv" = "xno" ; then + enable_force_getenv="0" +else + enable_force_getenv="1" +fi +], +[enable_force_getenv="0"] +) +if test "x$enable_force_getenv" = "x1" ; then + AC_DEFINE([JEMALLOC_FORCE_GETENV], [ ], [ ]) +fi +AC_SUBST([force_getenv]) + dnl Avoid extra safety checks by default AC_ARG_ENABLE([opt-safety-checks], [AS_HELP_STRING([--enable-opt-safety-checks], diff --git a/include/jemalloc/internal/jemalloc_internal_defs.h.in b/include/jemalloc/internal/jemalloc_internal_defs.h.in index f5d94ee7..55938433 100644 --- a/include/jemalloc/internal/jemalloc_internal_defs.h.in +++ b/include/jemalloc/internal/jemalloc_internal_defs.h.in @@ -267,6 +267,12 @@ #undef JEMALLOC_READLINKAT /* + * If defined, use getenv() (instead of secure_getenv() or + * alternatives) to access MALLOC_CONF. + */ +#undef JEMALLOC_FORCE_GETENV + +/* * Darwin (OS X) uses zones to work around Mach-O symbol override shortcomings. */ #undef JEMALLOC_ZONE diff --git a/src/jemalloc.c b/src/jemalloc.c index a4761c9b..039be40f 100644 --- a/src/jemalloc.c +++ b/src/jemalloc.c @@ -703,16 +703,20 @@ check_entry_exit_locking(tsdn_t *tsdn) { */ static char * -jemalloc_secure_getenv(const char *name) { -#ifdef JEMALLOC_HAVE_SECURE_GETENV - return secure_getenv(name); +jemalloc_getenv(const char *name) { +#ifdef JEMALLOC_FORCE_GETENV + return getenv(name); #else -# ifdef JEMALLOC_HAVE_ISSETUGID +# ifdef JEMALLOC_HAVE_SECURE_GETENV + return secure_getenv(name); +# else +# ifdef JEMALLOC_HAVE_ISSETUGID if (issetugid() != 0) { return NULL; } -# endif +# endif return getenv(name); +# endif #endif } @@ -1045,7 +1049,7 @@ obtain_malloc_conf(unsigned which_source, char buf[PATH_MAX + 1]) { #endif ; - if ((ret = jemalloc_secure_getenv(envname)) != NULL) { + if ((ret = jemalloc_getenv(envname)) != NULL) { /* * Do nothing; opts is already initialized to the value * of the MALLOC_CONF environment variable. |