1 /* Look up an environment variable, returning NULL in insecure situations. 2 3 Copyright 2013-2021 Free Software Foundation, Inc. 4 5 This file is free software: you can redistribute it and/or modify 6 it under the terms of the GNU Lesser General Public License as 7 published by the Free Software Foundation; either version 2.1 of the 8 License, or (at your option) any later version. 9 10 This file is distributed in the hope that it will be useful, 11 but WITHOUT ANY WARRANTY; without even the implied warranty of 12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 GNU Lesser General Public License for more details. 14 15 You should have received a copy of the GNU Lesser General Public License 16 along with this program. If not, see <https://www.gnu.org/licenses/>. */ 17 18 #include <config.h> 19 20 #include <stdlib.h> 21 22 #if !HAVE___SECURE_GETENV 23 # if HAVE_ISSETUGID || (HAVE_GETUID && HAVE_GETEUID && HAVE_GETGID && HAVE_GETEGID) 24 # include <unistd.h> 25 # endif 26 #endif 27 28 char * 29 secure_getenv (char const *name) /* */ 30 { 31 #if HAVE___SECURE_GETENV /* glibc */ 32 return __secure_getenv (name); 33 #elif HAVE_ISSETUGID /* OS X, FreeBSD, NetBSD, OpenBSD */ 34 if (issetugid ()) 35 return NULL; 36 return getenv (name); 37 #elif HAVE_GETUID && HAVE_GETEUID && HAVE_GETGID && HAVE_GETEGID /* other Unix */ 38 if (geteuid () != getuid () || getegid () != getgid ()) 39 return NULL; 40 return getenv (name); 41 #elif defined _WIN32 && ! defined __CYGWIN__ /* native Windows */ 42 /* On native Windows, there is no such concept as setuid or setgid binaries. 43 - Programs launched as system services have high privileges, but they don't 44 inherit environment variables from a user. 45 - Programs launched by a user with "Run as Administrator" have high 46 privileges and use the environment variables, but the user has been asked 47 whether he agrees. 48 - Programs launched by a user without "Run as Administrator" cannot gain 49 high privileges, therefore there is no risk. */ 50 return getenv (name); 51 #else 52 return NULL; 53 #endif 54 }