Add a configure option --enable-force-getenv.

Allows the use of getenv() rather than secure_getenv() to read MALLOC_CONF.
This helps in situations where hosts are under full control, and setting
MALLOC_CONF is needed while also setuid.  Disabled by default.
This commit is contained in:
Qi Wang 2022-11-02 16:09:06 -07:00 committed by Qi Wang
parent 143e9c4a2f
commit 481bbfc990
3 changed files with 32 additions and 6 deletions

View File

@ -1571,6 +1571,22 @@ if test "x$enable_readlinkat" = "x1" ; then
fi fi
AC_SUBST([enable_readlinkat]) AC_SUBST([enable_readlinkat])
dnl Do not force getenv by default
AC_ARG_ENABLE([force-getenv],
[AS_HELP_STRING([--enable-force-getenv], [Use getenv over secure_getenv])],
[if test "x$enable_force_getenv" = "xno" ; then
enable_force_getenv="0"
else
enable_force_getenv="1"
fi
],
[enable_force_getenv="0"]
)
if test "x$enable_force_getenv" = "x1" ; then
AC_DEFINE([JEMALLOC_FORCE_GETENV], [ ], [ ])
fi
AC_SUBST([force_getenv])
dnl Avoid extra safety checks by default dnl Avoid extra safety checks by default
AC_ARG_ENABLE([opt-safety-checks], AC_ARG_ENABLE([opt-safety-checks],
[AS_HELP_STRING([--enable-opt-safety-checks], [AS_HELP_STRING([--enable-opt-safety-checks],

View File

@ -266,6 +266,12 @@
*/ */
#undef JEMALLOC_READLINKAT #undef JEMALLOC_READLINKAT
/*
* If defined, use getenv() (instead of secure_getenv() or
* alternatives) to access MALLOC_CONF.
*/
#undef JEMALLOC_FORCE_GETENV
/* /*
* Darwin (OS X) uses zones to work around Mach-O symbol override shortcomings. * Darwin (OS X) uses zones to work around Mach-O symbol override shortcomings.
*/ */

View File

@ -703,16 +703,20 @@ check_entry_exit_locking(tsdn_t *tsdn) {
*/ */
static char * static char *
jemalloc_secure_getenv(const char *name) { jemalloc_getenv(const char *name) {
#ifdef JEMALLOC_HAVE_SECURE_GETENV #ifdef JEMALLOC_FORCE_GETENV
return secure_getenv(name); return getenv(name);
#else #else
# ifdef JEMALLOC_HAVE_SECURE_GETENV
return secure_getenv(name);
# else
# ifdef JEMALLOC_HAVE_ISSETUGID # ifdef JEMALLOC_HAVE_ISSETUGID
if (issetugid() != 0) { if (issetugid() != 0) {
return NULL; return NULL;
} }
# endif # endif
return getenv(name); return getenv(name);
# endif
#endif #endif
} }
@ -1045,7 +1049,7 @@ obtain_malloc_conf(unsigned which_source, char buf[PATH_MAX + 1]) {
#endif #endif
; ;
if ((ret = jemalloc_secure_getenv(envname)) != NULL) { if ((ret = jemalloc_getenv(envname)) != NULL) {
/* /*
* Do nothing; opts is already initialized to the value * Do nothing; opts is already initialized to the value
* of the MALLOC_CONF environment variable. * of the MALLOC_CONF environment variable.