Detect dangerous use of environment variables at run-time

author Rémi Denis-Courmont <remi@remlab.net>

Sun, 11 Apr 2010 15:37:46 +0000 (18:37 +0300)

committer Rémi Denis-Courmont <remi@remlab.net>

Sun, 11 Apr 2010 15:38:49 +0000 (18:38 +0300)
author Rémi Denis-Courmont <remi@remlab.net>
Sun, 11 Apr 2010 15:37:46 +0000 (18:37 +0300)
committer Rémi Denis-Courmont <remi@remlab.net>
Sun, 11 Apr 2010 15:38:49 +0000 (18:38 +0300)
diff --git a/bin/override.c b/bin/override.c

index 048c8fe1ca50d5f810951b228f26db19485521d0..5098a7d59823e329a3c9e6469a72e1fdece1b84d 100644 (file)
--- a/bin/override.c
+++ b/bin/override.c
@@ -77,4 +77,43 @@ static void *getsym (const char *name)
      ({ typeof (func) *sym = getsym ( # func); sym (__VA_ARGS__); })
  
  
+/*** Environment ***
+ *
+ * "Conforming multi-threaded applications shall not use the environ variable
+ *  to access or modify any environment variable while any other thread is
+ *  concurrently modifying any environment variable." -- POSIX.
+ *
+ * Some evil libraries modify the environment. We currently ignore the calls as
+ * they could crash the process. This may cause funny behaviour though. */
+int putenv (char *str)
+{
+    if (override)
+    {
+        LOG("Blocked", "\"%s\"", str);
+        return 0;
+    }
+    return CALL(putenv, str);
+}
+
+int setenv (const char *name, const char *value, int overwrite)
+{
+    if (override)
+    {
+        LOG("Blocked", "\"%s\", \"%s\", %d", name, value, overwrite);
+        return 0;
+    }
+    return CALL(setenv, name, value, overwrite);
+}
+
+int unsetenv (const char *name)
+{
+    if (override)
+    {
+        LOG("Blocked", "\"%s\"", name);
+        return 0;
+    }
+    return CALL(unsetenv, name);
+}
+
+
  #endif /* __ELF__ */
author	Rémi Denis-Courmont <remi@remlab.net>
	Sun, 11 Apr 2010 15:37:46 +0000 (18:37 +0300)
committer	Rémi Denis-Courmont <remi@remlab.net>
	Sun, 11 Apr 2010 15:38:49 +0000 (18:38 +0300)