Mesa (master): egl: Ignore certain environment variables when setuid/setgid .

Chia-I Wu olv at kemper.freedesktop.org
Wed Feb 3 06:20:35 UTC 2010 

Module: Mesa
Branch: master
Commit: 6fd8b6a9e22f474117281b00d15c548c29b8197f
URL:    http://cgit.freedesktop.org/mesa/mesa/commit/?id=6fd8b6a9e22f474117281b00d15c548c29b8197f

Author: Chia-I Wu <olvaffe at gmail.com>
Date:   Tue Feb  2 16:47:53 2010 +0800

egl: Ignore certain environment variables when setuid/setgid.

Specifically, ignore EGL_DRIVERS_PATH when an application is
setuid/setgid.  And ignore EGL_DRIVER when there is a slash in it.

---

 docs/egl.html            |    5 +++--
 src/egl/main/egldriver.c |   18 ++++++++++++++++--
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/docs/egl.html b/docs/egl.html
index 8a2ea7c..30cbe0e 100644
--- a/docs/egl.html
+++ b/docs/egl.html
@@ -131,7 +131,8 @@ runtime</p>
 <p>By default, the main library will look for drivers in the directory where
 the drivers are installed to.  This variable specifies a list of
 colon-separated directories where the main library will look for drivers, in
-addition to the default directory.</p>
+addition to the default directory.  This variable is ignored for setuid/setgid
+binaries.</p>
 
 </li>
 
@@ -139,7 +140,7 @@ addition to the default directory.</p>
 
 <p>This variable specifies a full path to an EGL driver and it forces the
 specified EGL driver to be loaded.  It comes in handy when one wants to test a
-specific driver.</p>
+specific driver.  This variable is ignored for setuid/setgid binaries.</p>
 
 </li>
 
diff --git a/src/egl/main/egldriver.c b/src/egl/main/egldriver.c
index 139f839..0ccdea7 100644
--- a/src/egl/main/egldriver.c
+++ b/src/egl/main/egldriver.c
@@ -415,6 +415,14 @@ _eglGetSearchPath(void)
       int ret;
 
       p = getenv("EGL_DRIVERS_PATH");
+#if defined(_EGL_PLATFORM_POSIX)
+      if (p && (geteuid() != getuid() || getegid() != getgid())) {
+         _eglLog(_EGL_DEBUG,
+               "ignore EGL_DRIVERS_PATH for setuid/setgid binaries");
+         p = NULL;
+      }
+#endif /* _EGL_PLATFORM_POSIX */
+
       if (p) {
          ret = snprintf(buffer, sizeof(buffer),
                "%s:%s", p, _EGL_DRIVER_SEARCH_DIR);
@@ -446,9 +454,15 @@ _eglPreloadUserDriver(void)
 
    env = getenv("EGL_DRIVER");
 #if defined(_EGL_PLATFORM_POSIX)
-   if (env && strchr(env, '/'))
+   if (env && strchr(env, '/')) {
       search_path = "";
-#endif
+      if ((geteuid() != getuid() || getegid() != getgid())) {
+         _eglLog(_EGL_DEBUG,
+               "ignore EGL_DRIVER for setuid/setgid binaries");
+         env = NULL;
+      }
+   }
+#endif /* _EGL_PLATFORM_POSIX */
    if (!env)
       return EGL_FALSE;

More information about the mesa-commit mailing list