@@ -100,12 +100,7 @@ typedef int mode_t;
100
100
#else
101
101
#include < pthread.h>
102
102
#include < sys/resource.h> // getrlimit, setrlimit
103
- #include < unistd.h> // setuid, getuid
104
- #endif
105
-
106
- #if defined(__POSIX__) && !defined(__ANDROID__) && !defined(__CloudABI__)
107
- #include < pwd.h> // getpwnam()
108
- #include < grp.h> // getgrnam()
103
+ #include < unistd.h> // STDIN_FILENO, STDERR_FILENO
109
104
#endif
110
105
111
106
namespace node {
@@ -153,8 +148,6 @@ unsigned int reverted = 0;
153
148
154
149
bool v8_initialized = false ;
155
150
156
- bool linux_at_secure = false ;
157
-
158
151
// process-relative uptime base, initialized at start-up
159
152
double prog_start_time;
160
153
@@ -504,27 +497,6 @@ const char* signo_string(int signo) {
504
497
}
505
498
}
506
499
507
- // Look up environment variable unless running as setuid root.
508
- bool SafeGetenv (const char * key, std::string* text) {
509
- #if !defined(__CloudABI__) && !defined(_WIN32)
510
- if (linux_at_secure || getuid () != geteuid () || getgid () != getegid ())
511
- goto fail;
512
- #endif
513
-
514
- {
515
- Mutex::ScopedLock lock (environ_mutex);
516
- if (const char * value = getenv (key)) {
517
- *text = value;
518
- return true ;
519
- }
520
- }
521
-
522
- fail:
523
- text->clear ();
524
- return false ;
525
- }
526
-
527
-
528
500
void * ArrayBufferAllocator::Allocate (size_t size) {
529
501
if (zero_fill_field_ || per_process_opts->zero_fill_all_buffers )
530
502
return UncheckedCalloc (size);
@@ -1165,14 +1137,6 @@ void SetupProcessObject(Environment* env,
1165
1137
env->SetMethod (process, " dlopen" , binding::DLOpen);
1166
1138
env->SetMethod (process, " reallyExit" , Exit);
1167
1139
env->SetMethodNoSideEffect (process, " uptime" , Uptime);
1168
-
1169
- #if defined(__POSIX__) && !defined(__ANDROID__) && !defined(__CloudABI__)
1170
- env->SetMethodNoSideEffect (process, " getuid" , GetUid);
1171
- env->SetMethodNoSideEffect (process, " geteuid" , GetEUid);
1172
- env->SetMethodNoSideEffect (process, " getgid" , GetGid);
1173
- env->SetMethodNoSideEffect (process, " getegid" , GetEGid);
1174
- env->SetMethodNoSideEffect (process, " getgroups" , GetGroups);
1175
- #endif // __POSIX__ && !defined(__ANDROID__) && !defined(__CloudABI__)
1176
1140
}
1177
1141
1178
1142
@@ -1633,37 +1597,40 @@ void Init(std::vector<std::string>* argv,
1633
1597
{
1634
1598
std::string text;
1635
1599
default_env_options->pending_deprecation =
1636
- SafeGetenv (" NODE_PENDING_DEPRECATION" , &text) && text[0 ] == ' 1' ;
1600
+ credentials::SafeGetenv (" NODE_PENDING_DEPRECATION" , &text) &&
1601
+ text[0 ] == ' 1' ;
1637
1602
}
1638
1603
1639
1604
// Allow for environment set preserving symlinks.
1640
1605
{
1641
1606
std::string text;
1642
1607
default_env_options->preserve_symlinks =
1643
- SafeGetenv (" NODE_PRESERVE_SYMLINKS" , &text) && text[0 ] == ' 1' ;
1608
+ credentials::SafeGetenv (" NODE_PRESERVE_SYMLINKS" , &text) &&
1609
+ text[0 ] == ' 1' ;
1644
1610
}
1645
1611
1646
1612
{
1647
1613
std::string text;
1648
1614
default_env_options->preserve_symlinks_main =
1649
- SafeGetenv (" NODE_PRESERVE_SYMLINKS_MAIN" , &text) && text[0 ] == ' 1' ;
1615
+ credentials::SafeGetenv (" NODE_PRESERVE_SYMLINKS_MAIN" , &text) &&
1616
+ text[0 ] == ' 1' ;
1650
1617
}
1651
1618
1652
1619
if (default_env_options->redirect_warnings .empty ()) {
1653
- SafeGetenv (" NODE_REDIRECT_WARNINGS" ,
1654
- &default_env_options->redirect_warnings );
1620
+ credentials:: SafeGetenv (" NODE_REDIRECT_WARNINGS" ,
1621
+ &default_env_options->redirect_warnings );
1655
1622
}
1656
1623
1657
1624
#if HAVE_OPENSSL
1658
1625
std::string* openssl_config = &per_process_opts->openssl_config ;
1659
1626
if (openssl_config->empty ()) {
1660
- SafeGetenv (" OPENSSL_CONF" , openssl_config);
1627
+ credentials:: SafeGetenv (" OPENSSL_CONF" , openssl_config);
1661
1628
}
1662
1629
#endif
1663
1630
1664
1631
#if !defined(NODE_WITHOUT_NODE_OPTIONS)
1665
1632
std::string node_options;
1666
- if (SafeGetenv (" NODE_OPTIONS" , &node_options)) {
1633
+ if (credentials:: SafeGetenv (" NODE_OPTIONS" , &node_options)) {
1667
1634
std::vector<std::string> env_argv;
1668
1635
// [0] is expected to be the program name, fill it in from the real argv.
1669
1636
env_argv.push_back (argv->at (0 ));
@@ -1695,7 +1662,7 @@ void Init(std::vector<std::string>* argv,
1695
1662
#if defined(NODE_HAVE_I18N_SUPPORT)
1696
1663
// If the parameter isn't given, use the env variable.
1697
1664
if (per_process_opts->icu_data_dir .empty ())
1698
- SafeGetenv (" NODE_ICU_DATA" , &per_process_opts->icu_data_dir );
1665
+ credentials:: SafeGetenv (" NODE_ICU_DATA" , &per_process_opts->icu_data_dir );
1699
1666
// Initialize ICU.
1700
1667
// If icu_data_dir is empty here, it will load the 'minimal' data.
1701
1668
if (!i18n::InitializeICUDirectory (per_process_opts->icu_data_dir )) {
@@ -2103,7 +2070,7 @@ int Start(int argc, char** argv) {
2103
2070
#if HAVE_OPENSSL
2104
2071
{
2105
2072
std::string extra_ca_certs;
2106
- if (SafeGetenv (" NODE_EXTRA_CA_CERTS" , &extra_ca_certs))
2073
+ if (credentials:: SafeGetenv (" NODE_EXTRA_CA_CERTS" , &extra_ca_certs))
2107
2074
crypto::UseExtraCaCerts (extra_ca_certs);
2108
2075
}
2109
2076
#ifdef NODE_FIPS_MODE
0 commit comments