From a7c7bea1c3ab4fdf985f5e520cec6d4f276a47d2 Mon Sep 17 00:00:00 2001
From: Daniel Bevenius
Date: Thu, 20 Apr 2017 20:08:53 +0200
Subject: [PATCH 1/3] src: add linux getauxval(AT_SECURE) in SafeGetenv

This commit attempts to fix the following TODO:
// TODO(bnoordhuis) Should perhaps also check whether getauxval(AT_SECURE) is non-zero on Linux.

This can be manually tested at the moment using the following steps:
$ setcap cap_net_raw+ep out/Release/node
$ NODE_PENDING_DEPRECATION="1" out/Release/node -p "process.binding('config').pendingDeprecation"
true
$ useradd test
$ su test
$ NODE_PENDING_DEPRECATION="1" out/Release/node -p "process.binding('config').pendingDeprecation"
undefined
---
 src/node.cc | 8 ++++++--
 src/node_main.cc | 26 ++++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/src/node.cc b/src/node.cc
index fb98fcebc2a4a5..db74414f10e98c 100644
--- a/src/node.cc
+++ b/src/node.cc
@@ -230,6 +230,8 @@ bool config_expose_internals = false;
 
 bool v8_initialized = false;
 
+bool linux_at_secure = false;
+
 // process-relative uptime base, initialized at start-up
 static double prog_start_time;
 static bool debugger_running;
@@ -959,13 +961,15 @@ Local UVException(Isolate* isolate,
 // Look up environment variable unless running as setuid root.
 bool SafeGetenv(const char* key, std::string* text) {
 #ifndef _WIN32
- // TODO(bnoordhuis) Should perhaps also check whether getauxval(AT_SECURE)
- // is non-zero on Linux.
 if (getuid() != geteuid() || getgid() != getegid()) {
 text->clear();
 return false;
 }
 #endif
+ if (linux_at_secure) {
+ text->clear();
+ return false;
+ }
 if (const char* value = getenv(key)) {
 *text = value;
 return true;
diff --git a/src/node_main.cc b/src/node_main.cc
index 3194eb78cab130..dcea04e6be953d 100644
--- a/src/node_main.cc
+++ b/src/node_main.cc
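Review bot: In the SafeGetenv hunk of src/node.cc, the new `if (linux_at_secure)` guard reads a mutable global that defaults to `false` and, as far as this series shows, is only ever set by `main()` in src/node_main.cc, so the check fails open for any start-up path that does not run that `main()` (for example an embedder's own entry point, if that is supported). Consider doing the detection during initialization inside node.cc, or at least state the requirement next to the declaration, e.g. `// Set once at process start-up, before the first SafeGetenv() call; false means "not detected".` The comment above the function is also stale now and should read something like `// Look up environment variable unless running setuid/setgid or, on Linux, with AT_SECURE set.` SafeGetenv's body continues past the end of the hunk.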
@@ -71,7 +71,33 @@ int wmain(int argc, wchar_t *wargv[]) {
 }
 #else
 // UNIX
+#ifdef __linux__
+#include
+#include
+#ifdef __LP64__
+#define Elf_auxv_t Elf64_auxv_t
+#else
+#define Elf_auxv_t Elf32_auxv_t
+#endif // __LP64__
+extern char **environ;
+#endif // __linux__
+
+namespace node {
+ extern bool linux_at_secure;
+} // namespace node
+
 int main(int argc, char *argv[]) {
+#if defined(__linux__)
+ char** envp = environ;
+ while (*envp++ != nullptr) {}
+ Elf_auxv_t* auxv = reinterpret_cast(envp);
+ for (; auxv->a_type != AT_NULL; auxv++) {
+ if (auxv->a_type == AT_SECURE) {
+ node::linux_at_secure = auxv->a_un.a_val;
+ break;
+ }
+ }
+#endif
 // Disable stdio buffering, it interacts poorly with printf()
 // calls elsewhere in the program (e.g., any logging from V8.)
 setvbuf(stdout, nullptr, _IONBF, 0);
From 21f24463d19f2efca547b8dce4e5d16ab3ebcdb1 Mon Sep 17 00:00:00 2001
From: Daniel Bevenius
Date: Wed, 24 May 2017 19:59:31 +0200
Subject: [PATCH 2/3] remove unused inttypes.h

---
 src/node_main.cc | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/node_main.cc b/src/node_main.cc
index dcea04e6be953d..0b4a9da9f4dc2b 100644
--- a/src/node_main.cc
+++ b/src/node_main.cc
@@ -73,7 +73,6 @@ int wmain(int argc, wchar_t *wargv[]) {
 // UNIX
 #ifdef __linux__
 #include
-#include
 #ifdef __LP64__
 #define Elf_auxv_t Elf64_auxv_t
 #else
From e4eb85519c8caaabcf0ec373afb0d65f95c4accd Mon Sep 17 00:00:00 2001
From: Daniel Bevenius
Date: Wed, 24 May 2017 20:00:13 +0200
Subject: [PATCH 3/3] fix pointer style

---
 src/node_main.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/node_main.cc b/src/node_main.cc
index 0b4a9da9f4dc2b..7d6d9b1a01bbd4 100644
--- a/src/node_main.cc
+++ b/src/node_main.cc
@@ -78,7 +78,7 @@ int wmain(int argc, wchar_t *wargv[]) {
 #else
 #define Elf_auxv_t Elf32_auxv_t
 #endif // __LP64__
-extern char **environ;
+extern char** environ;
 #endif // __linux__
 
 namespace node {
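Review bot: The auxv walk added at the top of `main()` in src/node_main.cc (PATCH 1/3) assumes the auxiliary vector sits directly after the NULL terminator of `environ`, which holds only while `environ` still points at the block the kernel set up. If anything that runs before `main()` (a static initializer or library constructor) has called setenv() or putenv() and the array was relocated, the loop reads unrelated memory and `linux_at_secure` can silently stay `false`. The subject line names getauxval(AT_SECURE), yet the code parses the vector by hand; where the C library provides it, `node::linux_at_secure = getauxval(AT_SECURE) != 0;` (declared in sys/auxv.h) removes the layout assumption. If the manual walk has to stay, document the precondition with a comment such as `// Must run before anything modifies environ: auxv follows the original envp block.` and write the assignment as `auxv->a_un.a_val != 0` so the integer-to-bool conversion is explicit. `main()` continues beyond the hunk.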