From b78c251d720b75436238bcd44dc366ba49e6d9ed Mon Sep 17 00:00:00 2001 From: Jon Ashburn Date: Mon, 4 Apr 2016 13:52:53 -0600 Subject: loader: ghlvl #204, Use __secure_getenv if secure_getenv is unavailable Also add group id check to getenv suid check in loader. Change-Id: Icbc08258498f893ee5fce144c043bdc6bd8e5423 --- loader/loader.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'loader') diff --git a/loader/loader.c b/loader/loader.c index 8fff9df0..b4dbe553 100644 --- a/loader/loader.c +++ b/loader/loader.c @@ -52,6 +52,12 @@ #include "cJSON.h" #include "murmurhash.h" +#if defined(__GNUC__) +# if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 17) +# define secure_getenv __secure_getenv +# endif +#endif + static loader_platform_dl_handle loader_add_layer_lib(const struct loader_instance *inst, const char *chain_type, struct loader_layer_properties *layer_prop); @@ -2237,7 +2243,7 @@ static void loader_get_manifest_files(const struct loader_instance *inst, if (env_override != NULL && (override = loader_getenv(env_override))) { #if !defined(_WIN32) - if (geteuid() != getuid()) { + if (geteuid() != getuid() || getegid() != getgid()) { /* Don't allow setuid apps to use the env var: */ loader_free_getenv(override); override = NULL; -- cgit v1.2.3
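Review bot: The version test in the preprocessor block added after the includes reads `__GNUC__` and `__GNUC_MINOR__`, which describe the compiler, whereas `secure_getenv` is a C-library symbol that first appeared in glibc 2.17. With any GCC in practical use the condition is false, so the `__secure_getenv` alias is never defined on the old-glibc systems it is meant for. Testing the library macros matches the intent: `#if defined(__GLIBC__)` and `# if __GLIBC__ < 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ < 17)`, placed after a libc header so the macros are visible. A short comment such as `/* secure_getenv was added in glibc 2.17; older releases export __secure_getenv */` would record why the alias exists.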
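Review bot: The guard `geteuid() != getuid() || getegid() != getgid()` in loader_get_manifest_files detects only set-user-ID and set-group-ID execution. A process elevated by other means, such as file capabilities on Linux, has matching real and effective IDs and would still honour the manifest override. If `loader_getenv` does not already go through `secure_getenv` on every build (it is not visible in this hunk), consider also checking the kernel's secure-execution flag on Linux, e.g. `getauxval(AT_SECURE) != 0`. The comment on the next line should follow the new condition: `/* Don't allow setuid or setgid apps to use the env var: */`. The enclosing `if` block and its `#endif` close outside the hunk.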