* maybe make systemd-detect-virt suid? or use fscaps?
-* consider using __secure_getenv() instead of getenv() in libs
-
* man: document in ExecStart= explicitly that we don't take shell command lines, only executable names with arguments
* shutdown: don't read-only mount anything when running in container
* set_put(), hashmap_put() return values check. i.e. == 0 doesn't free()!
+* use __secure_getenv() instead of getenv() where appropriate
+
Scheduled for removal (or fixing):
* xxxOverridable dependencies
switch (type) {
case DBUS_BUS_SYSTEM:
- address = getenv("DBUS_SYSTEM_BUS_ADDRESS");
+ address = __secure_getenv("DBUS_SYSTEM_BUS_ADDRESS");
if (!address || !address[0])
address = DBUS_SYSTEM_BUS_DEFAULT_ADDRESS;
break;
case DBUS_BUS_SESSION:
- address = getenv("DBUS_SESSION_BUS_ADDRESS");
+ address = __secure_getenv("DBUS_SESSION_BUS_ADDRESS");
if (!address || !address[0])
address = DBUS_SESSION_BUS_DEFAULT_ADDRESS;
break;
const char *e;
char *p;
- e = getenv("XDG_RUNTIME_DIR");
+ e = __secure_getenv("XDG_RUNTIME_DIR");
if (!e)
return 0;
void log_parse_environment(void) {
const char *e;
- if ((e = getenv("SYSTEMD_LOG_TARGET")))
- if (log_set_target_from_string(e) < 0)
- log_warning("Failed to parse log target %s. Ignoring.", e);
+ e = __secure_getenv("SYSTEMD_LOG_TARGET");
+ if (e && log_set_target_from_string(e) < 0)
+ log_warning("Failed to parse log target %s. Ignoring.", e);
- if ((e = getenv("SYSTEMD_LOG_LEVEL")))
- if (log_set_max_level_from_string(e) < 0)
- log_warning("Failed to parse log level %s. Ignoring.", e);
+ e = __secure_getenv("SYSTEMD_LOG_LEVEL");
+ if (e && log_set_max_level_from_string(e) < 0)
+ log_warning("Failed to parse log level %s. Ignoring.", e);
- if ((e = getenv("SYSTEMD_LOG_COLOR")))
- if (log_show_color_from_string(e) < 0)
- log_warning("Failed to parse bool %s. Ignoring.", e);
+ e = __secure_getenv("SYSTEMD_LOG_COLOR");
+ if (e && log_show_color_from_string(e) < 0)
+ log_warning("Failed to parse bool %s. Ignoring.", e);
- if ((e = getenv("SYSTEMD_LOG_LOCATION")))
- if (log_show_location_from_string(e) < 0)
- log_warning("Failed to parse bool %s. Ignoring.", e);
+ e = __secure_getenv("SYSTEMD_LOG_LOCATION");
+ if (e && log_show_location_from_string(e) < 0)
+ log_warning("Failed to parse bool %s. Ignoring.", e);
}
LogTarget log_get_target(void) {