diff options
-rw-r--r-- | meson.build | 4 | ||||
-rw-r--r-- | src/libcamera/utils.cpp | 7 |
2 files changed, 10 insertions, 1 deletions
diff --git a/meson.build b/meson.build index f6ab7380..4d7d936f 100644 --- a/meson.build +++ b/meson.build @@ -33,6 +33,10 @@ if cc.has_header_symbol('execinfo.h', 'backtrace') config_h.set('HAVE_BACKTRACE', 1) endif +if cc.has_header_symbol('unistd.h', 'issetugid') + config_h.set('HAVE_ISSETUGID', 1) +endif + if cc.has_header_symbol('stdlib.h', 'secure_getenv', prefix : '#define _GNU_SOURCE') config_h.set('HAVE_SECURE_GETENV', 1) endif diff --git a/src/libcamera/utils.cpp b/src/libcamera/utils.cpp index 2e7d35fb..49b8fc9e 100644 --- a/src/libcamera/utils.cpp +++ b/src/libcamera/utils.cpp @@ -59,6 +59,10 @@ const char *basename(const char *path) * avoid vulnerabilities that could occur if set-user-ID or set-group-ID * programs accidentally trust the environment. * + * \note Not all platforms may support the features required to implement the + * secure execution check, in which case this function behaves as getenv(). A + * notable example of this is Android. + * * \return A pointer to the value in the environment or NULL if the requested * environment variable doesn't exist or if secure execution is required. */ @@ -67,9 +71,10 @@ char *secure_getenv(const char *name) #if HAVE_SECURE_GETENV return ::secure_getenv(name); #else +#if HAVE_ISSETUGID if (issetugid()) return NULL; - +#endif return getenv(name); #endif } |