[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
_nc_env_access also denies non-root users from reading env vars
|
From: |
Arnavion |
|
Subject: |
_nc_env_access also denies non-root users from reading env vars |
|
Date: |
Sat, 28 Aug 2021 00:33:17 -0700 |
Hello,
I noticed that programs using ncurses 6.2 were not taking
the TERMINFO and TERMINFO_DIRS env vars into account,
and tracked it down to the 20210626 patch.
The debugger shows me that _nc_env_access always returns FALSE,
which means use_terminfo_vars evaluates to FALSE,
which means _nc_first_db ignores the env vars. My distro package
was configured with `--disable-root-environ` but I experienced this
even when not running the programs as root.
That patch restructured _nc_env_access along these lines:
- if (getuid() != geteuid()
- || getgid() != getegid())
- return FALSE;
- /* ...finally, disallow root */
- return (getuid() != ROOT_UID) && (geteuid() != ROOT_UID);
+ int result = TRUE;
+
+ if (is_elevated()) {
+ result = FALSE;
+ } else if ((getuid() != ROOT_UID) && (geteuid() != ROOT_UID)) {
+ result = FALSE;
+ }
+ return result;
>From my understanding of what `--disable-root-environ` is meant for
and what the code is doing in response to it, I believe the test for
getuid() / geteuid() != ROOT_UID ought to have been reversed
as part of this change? That is, it should've been:
+ } else if ((getuid() == ROOT_UID) || (geteuid() == ROOT_UID)) {
+ result = FALSE;
+ }
Is my understanding correct?
Thanks,
Arnav Singh
- _nc_env_access also denies non-root users from reading env vars,
Arnavion <=