ncurses 6.4 - patch 20240420

[ncurses.git] / ncurses / tinfo / access.c

diff --git a/ncurses/tinfo/access.c b/ncurses/tinfo/access.c
index 339f169b27bfeed56f1d089daa3d0c6f99a3aa12..50a5769c3d6358fef4af8f67e9ee7cc8aeddc2b0 100644 (file)
--- a/ncurses/tinfo/access.c
+++ b/ncurses/tinfo/access.c
@@ -1,5 +1,5 @@
 /****************************************************************************
- * Copyright 2019-2020,2021 Thomas E. Dickey                                *
+ * Copyright 2019-2021,2023 Thomas E. Dickey                                *
  * Copyright 1998-2011,2012 Free Software Foundation, Inc.                  *
  *                                                                          *
  * Permission is hereby granted, free of charge, to any person obtaining a  *
@@ -43,9 +43,16 @@
 #endif
 #endif
 
+#if HAVE_GETAUXVAL && HAVE_SYS_AUXV_H && defined(__GLIBC__) && (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 19)
+#include <sys/auxv.h>
+#define USE_GETAUXVAL 1
+#else
+#define USE_GETAUXVAL 0
+#endif
+
 #include <tic.h>
 
-MODULE_ID("$Id: access.c,v 1.30 2021/08/28 22:07:31 tom Exp $")
+MODULE_ID("$Id: access.c,v 1.37 2023/06/24 21:55:09 tom Exp $")
 
 #define LOWERCASE(c) ((isalpha(UChar(c)) && isupper(UChar(c))) ? tolower(UChar(c)) : (c))
 
@@ -63,8 +70,8 @@ _nc_rootname(char *path)
     static char *temp;
     char *s;
 
-    temp = strdup(result);
-    result = temp;
+    if ((temp = strdup(result)) != 0)
+       result = temp;
 #if !MIXEDCASE_FILENAMES
     for (s = result; *s != '\0'; ++s) {
        *s = (char) LOWERCASE(*s);
@@ -177,14 +184,25 @@ _nc_is_file_path(const char *path)
     return result;
 }
 
+#if HAVE_GETEUID && HAVE_GETEGID
+#define is_posix_elevated() \
+       (getuid() != geteuid() \
+        || getgid() != getegid())
+#else
+#define is_posix_elevated() FALSE
+#endif
+
 #if HAVE_ISSETUGID
 #define is_elevated() issetugid()
-#elif HAVE_GETEUID && HAVE_GETEGID
+#elif USE_GETAUXVAL && defined(AT_SECURE)
 #define is_elevated() \
-       (getuid() != geteuid() \
-        || getgid() != getegid())
+       (getauxval(AT_SECURE) \
+        ? TRUE \
+        : (errno != ENOENT \
+           ? FALSE \
+           : is_posix_elevated()))
 #else
-#define is_elevated() FALSE
+#define is_elevated() is_posix_elevated()
 #endif
 
 #if HAVE_SETFSUID
@@ -203,24 +221,30 @@ _nc_is_file_path(const char *path)
 #define resume_elevation()     /* nothing */
 #endif
 
-#ifndef USE_ROOT_ENVIRON
 /*
- * Returns true if we allow application to use environment variables that are
- * used for searching lists of directories, etc.
+ * Returns true if not running as root or setuid.  We use this check to allow
+ * applications to use environment variables that are used for searching lists
+ * of directories, etc.
  */
 NCURSES_EXPORT(int)
 _nc_env_access(void)
 {
     int result = TRUE;
 
+#if HAVE_GETUID && HAVE_GETEUID
+#if !defined(USE_SETUID_ENVIRON)
     if (is_elevated()) {
        result = FALSE;
-    } else if ((getuid() == ROOT_UID) && (geteuid() == ROOT_UID)) {
+    }
+#endif
+#if !defined(USE_ROOT_ENVIRON)
+    if ((getuid() == ROOT_UID) || (geteuid() == ROOT_UID)) {
        result = FALSE;
     }
+#endif
+#endif /* HAVE_GETUID && HAVE_GETEUID */
     return result;
 }
-#endif /* USE_ROOT_ENVIRON */
 
 #ifndef USE_ROOT_ACCESS
 /*
@@ -257,4 +281,4 @@ _nc_safe_open3(const char *path, int flags, mode_t mode)
 #endif
     return result;
 }
-#endif /* USE_ROOT_ENVIRON */
+#endif /* USE_ROOT_ACCESS */