From eb1fa9f78e0468ddb47d214cd3ddca00fe7c3ccc Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Sun, 15 Nov 2009 18:59:55 +0000
Subject: [PATCH] When running set[ug]id, don't check the environment.

Idea from OpenBSD, but made a bit more generic to handle uncivilized lands
that do not define issetugid.

svn:r1529
---
 ChangeLog        |  1 +
 configure.in     |  2 +-
 devpoll.c        |  2 +-
 epoll.c          |  2 +-
 event-internal.h |  3 +++
 event.c          |  2 +-
 evport.c         |  2 +-
 evutil.c         | 31 +++++++++++++++++++++++++++++++
 kqueue.c         |  3 +--
 poll.c           |  2 +-
 select.c         |  2 +-
 11 files changed, 43 insertions(+), 9 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index cb263026..50eb6b36 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,7 @@ Changes in 1.4.13-stable:
  o Rename our replacement compat/sys/_time.h header to avoid build a conflict on HPUX; reported by Kathryn Hogg.
  o Build kqueue.c correctly on GNU/kFreeBSD platforms. Patch pulled upstream from Debian.
  o Fix a problem with excessive memory allocation when using multiple event priorities.
+ o When running set[ug]id, don't check the environment. Based on a patch from OpenBSD.
 
 
 Changes in 1.4.12-stable:
diff --git a/configure.in b/configure.in
index 620fd41c..439a5904 100644
--- a/configure.in
+++ b/configure.in
@@ -136,7 +136,7 @@ AC_C_INLINE
 AC_HEADER_TIME
 
 dnl Checks for library functions.
-AC_CHECK_FUNCS(gettimeofday vasprintf fcntl clock_gettime strtok_r strsep getaddrinfo getnameinfo strlcpy inet_ntop signal sigaction strtoll)
+AC_CHECK_FUNCS(gettimeofday vasprintf fcntl clock_gettime strtok_r strsep getaddrinfo getnameinfo strlcpy inet_ntop signal sigaction strtoll issetugid geteuid getegid)
 
 AC_CHECK_SIZEOF(long)
 
diff --git a/devpoll.c b/devpoll.c
index 985e589b..2d34ae34 100644
--- a/devpoll.c
+++ b/devpoll.c
@@ -131,7 +131,7 @@ devpoll_init(struct event_base *base)
 	struct devpollop *devpollop;
 
 	/* Disable devpoll when this environment variable is set */
-	if (getenv("EVENT_NODEVPOLL"))
+	if (evutil_getenv("EVENT_NODEVPOLL"))
 		return (NULL);
 
 	if (!(devpollop = calloc(1, sizeof(struct devpollop))))
diff --git a/epoll.c b/epoll.c
index d6028794..4387ef89 100644
--- a/epoll.c
+++ b/epoll.c
@@ -113,7 +113,7 @@ epoll_init(struct event_base *base)
 	struct epollop *epollop;
 
 	/* Disable epollueue when this environment variable is set */
-	if (getenv("EVENT_NOEPOLL"))
+	if (evutil_getenv("EVENT_NOEPOLL"))
 		return (NULL);
 
 	/* Initalize the kernel queue */
diff --git a/event-internal.h b/event-internal.h
index 7485f217..b7f00402 100644
--- a/event-internal.h
+++ b/event-internal.h
@@ -91,6 +91,9 @@ int _evsignal_set_handler(struct event_base *base, int evsignal,
 			  void (*fn)(int));
 int _evsignal_restore_handler(struct event_base *base, int evsignal);
 
+/* defined in evutil.c */
+const char *evutil_getenv(const char *varname);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/event.c b/event.c
index 7bfdceb0..d7ccd3f1 100644
--- a/event.c
+++ b/event.c
@@ -193,7 +193,7 @@ event_base_new(void)
 	if (base->evbase == NULL)
 		event_errx(1, "%s: no event mechanism available", __func__);
 
-	if (getenv("EVENT_SHOW_METHOD")) 
+	if (evutil_getenv("EVENT_SHOW_METHOD")) 
 		event_msgx("libevent using: %s\n",
 			   base->evsel->name);
 
diff --git a/evport.c b/evport.c
index dae6900c..a2ee1bce 100644
--- a/evport.c
+++ b/evport.c
@@ -143,7 +143,7 @@ evport_init(struct event_base *base)
 	/*
 	 * Disable event ports when this environment variable is set 
 	 */
-	if (getenv("EVENT_NOEVPORT"))
+	if (evutil_getenv("EVENT_NOEVPORT"))
 		return (NULL);
 
 	if (!(evpd = calloc(1, sizeof(struct evport_data))))
diff --git a/evutil.c b/evutil.c
index 311b9629..b920a3e6 100644
--- a/evutil.c
+++ b/evutil.c
@@ -54,6 +54,9 @@
 #endif
 #include <stdio.h>
 
+#include <sys/queue.h>
+#include "event.h"
+#include "event-internal.h"
 #include "evutil.h"
 #include "log.h"
 
@@ -243,3 +246,31 @@ evutil_vsnprintf(char *buf, size_t buflen, const char *format, va_list ap)
 	return r;
 #endif
 }
+
+static int
+evutil_issetugid(void)
+{
+#ifdef _EVENT_HAVE_ISSETUGID
+	return issetugid();
+#else
+
+#ifdef _EVENT_HAVE_GETEUID
+	if (getuid() != geteuid())
+		return 1;
+#endif
+#ifdef _EVENT_HAVE_GETEGID
+	if (getgid() != getegid())
+		return 1;
+#endif
+	return 0;
+#endif
+}
+
+const char *
+evutil_getenv(const char *varname)
+{
+	if (evutil_issetugid())
+		return NULL;
+
+	return getenv(varname);
+}
diff --git a/kqueue.c b/kqueue.c
index 6946cbeb..556b73c0 100644
--- a/kqueue.c
+++ b/kqueue.c
@@ -63,7 +63,6 @@
 #include "event.h"
 #include "event-internal.h"
 #include "log.h"
-#include "event-internal.h"
 
 #define EVLIST_X_KQINKERNEL	0x1000
 
@@ -103,7 +102,7 @@ kq_init(struct event_base *base)
 	struct kqop *kqueueop;
 
 	/* Disable kqueue when this environment variable is set */
-	if (getenv("EVENT_NOKQUEUE"))
+	if (evutil_getenv("EVENT_NOKQUEUE"))
 		return (NULL);
 
 	if (!(kqueueop = calloc(1, sizeof(struct kqop))))
diff --git a/poll.c b/poll.c
index 637c172b..2aa245b3 100644
--- a/poll.c
+++ b/poll.c
@@ -87,7 +87,7 @@ poll_init(struct event_base *base)
 	struct pollop *pollop;
 
 	/* Disable poll when this environment variable is set */
-	if (getenv("EVENT_NOPOLL"))
+	if (evutil_getenv("EVENT_NOPOLL"))
 		return (NULL);
 
 	if (!(pollop = calloc(1, sizeof(struct pollop))))
diff --git a/select.c b/select.c
index 156df833..3f733313 100644
--- a/select.c
+++ b/select.c
@@ -102,7 +102,7 @@ select_init(struct event_base *base)
 	struct selectop *sop;
 
 	/* Disable select when this environment variable is set */
-	if (getenv("EVENT_NOSELECT"))
+	if (evutil_getenv("EVENT_NOSELECT"))
 		return (NULL);
 
 	if (!(sop = calloc(1, sizeof(struct selectop))))