libkmod: Use secure_getenv if available

"The secure_getenv() function is intended for use in general-purpose
libraries to avoid vulnerabilities that could occur if set-user-ID or
set-group-ID programs accidentally trusted the environment."

3 files changed, 11 insertions, 1 deletions

diff --git a/configure.ac b/configure.ac
index 566b317..1c6c793 100644
--- a/configure.ac
+++ b/configure.ac
@@ -39,6 +39,7 @@ PKG_PROG_PKG_CONFIG
 #####################################################################
 
 AC_CHECK_FUNCS_ONCE(__xstat)
+AC_CHECK_FUNCS_ONCE([__secure_getenv secure_getenv])
 
 # dietlibc doesn't have st.st_mtim struct member
 AC_CHECK_MEMBERS([struct stat.st_mtim], [], [], [#include <sys/stat.h>])
diff --git a/libkmod/libkmod-private.h b/libkmod/libkmod-private.h
index 7748b14..8d8599a 100644
--- a/libkmod/libkmod-private.h
+++ b/libkmod/libkmod-private.h
@@ -35,6 +35,15 @@ static _always_inline_ _printf_format_(2, 3) void
 
 #define KCMD_LINE_SIZE 4096
 
+#ifndef HAVE_SECURE_GETENV
+#  ifdef HAVE___SECURE_GETENV
+#    define secure_getenv __secure_getenv
+#  else
+#    warning neither secure_getenv nor __secure_getenv is available
+#    define secure_getenv getenv
+#  endif
+#endif
+
 void kmod_log(const struct kmod_ctx *ctx,
 		int priority, const char *file, int line, const char *fn,
 		const char *format, ...) __attribute__((format(printf, 6, 7))) __attribute__((nonnull(1, 3, 5)));
diff --git a/libkmod/libkmod.c b/libkmod/libkmod.c
index b3e1d6b..2ef19d3 100644
--- a/libkmod/libkmod.c
+++ b/libkmod/libkmod.c
@@ -254,7 +254,7 @@ KMOD_EXPORT struct kmod_ctx *kmod_new(const char *dirname,
 	ctx->dirname = get_kernel_release(dirname);
 
 	/* environment overwrites config */
-	env = getenv("KMOD_LOG");
+	env = secure_getenv("KMOD_LOG");
 	if (env != NULL)
 		kmod_set_log_priority(ctx, log_priority(env));