lib/env, ...: use getauxval(AT_SECURE) for SUID check

Comparing effective and real uid/gid is not a proper way to check for SUID execution: 1. this does not consider file capabilities 2. this check breaks when NO_NEW_PRIVS is used as the Linux kernel resets effective ids during execve(); this means the check is false, but the process still has raised capabilities For more details about the NO_NEW_PRIVS problem, check this post and the surrounding thread: https://lore.kernel.org/lkml/20250509184105.840928-1-max.kellermann@ionos.com/ Signed-off-by: Max Kellermann <max.kellermann@ionos.com>
author: Max Kellermann <max.kellermann@ionos.com> 2025-05-10 22:26:50 +0200
committer: Max Kellermann <max.kellermann@ionos.com> 2025-05-10 22:37:19 +0200
commit: b36add06585acf77e1a50fc0d2c901a0129582a4 (patch)
tree: 6aa81064bcd29c2adff815738671e6ab8b9b5ba8 /lib/env.c
parent: 4e417332f4154acb0e7a12c775696eb561a405aa (diff)
download: util-linux-b36add06585acf77e1a50fc0d2c901a0129582a4.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/env.c b/lib/env.c
index 0874fe482b..3fc4f2e21e 100644
--- a/lib/env.c
+++ b/lib/env.c
@@ -16,6 +16,7 @@
 #include <sys/syscall.h>
 #endif
 #include <unistd.h>
+#include <sys/auxv.h> // for getauxval()
 #include <sys/types.h>
 
 #include "env.h"
@@ -260,7 +261,7 @@ void sanitize_env(void)
 
 char *safe_getenv(const char *arg)
 {
-	if ((getuid() != geteuid()) || (getgid() != getegid()))
+	if (getauxval(AT_SECURE))
 		return NULL;
 #ifdef HAVE_PRCTL
 	if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 0)
author	Max Kellermann <max.kellermann@ionos.com>	2025-05-10 22:26:50 +0200
committer	Max Kellermann <max.kellermann@ionos.com>	2025-05-10 22:37:19 +0200
commit	b36add06585acf77e1a50fc0d2c901a0129582a4 (patch)
tree	6aa81064bcd29c2adff815738671e6ab8b9b5ba8 /lib/env.c
parent	4e417332f4154acb0e7a12c775696eb561a405aa (diff)
download	util-linux-b36add06585acf77e1a50fc0d2c901a0129582a4.tar.gz