[PATCH] env: let setenv() take printf arguments
Sascha Hauer
sha at pengutronix.de
Mon Jun 20 01:16:23 PDT 2022
On Mon, Jun 20, 2022 at 09:59:00AM +0200, Ahmad Fatoum wrote:
> Hello Sascha,
>
> On 20.06.22 09:47, Sascha Hauer wrote:
> > On Mon, Jun 20, 2022 at 09:21:39AM +0200, Ahmad Fatoum wrote:
> >> From: Sascha Hauer <s.hauer at pengutronix.de>
> >>
> >> It's a common pattern to (ba)sprintf to a string and then call setenv()
> >> with this string. Let setenv() take printf arguments to make that
> >> easier. To avoid the overhead that goes with changing other callers
> >> to using setenv(var, "%s", val) to avoid security implications (and
> >> GCC warnings), fallback to the non-formatted version when there are
> >> only two arguments.
> >>
> >> Signed-off-by: Sascha Hauer <s.hauer at pengutronix.de>
> >> [afa: fall back to non-formatted version on old two arg version]
> >> Signed-off-by: Ahmad Fatoum <a.fatoum at pengutronix.de>
> >> ---
> >> Thoughts?
> >
> > While I'm impressed by this macro I don't like this very much. My desire
> > was to simplify things, now with this patch I'm no longer sure I reached
> > that goal.
>
> Usage _is_ simpler. Declaration indeed looks a bit odd, but ¯\_(ツ)_/¯
>
> >
> > Alternatively we could
> >
> > a) Drop the original patch
> > b) Replace the problematic places with setenv(foo, "%s", not_a_string_literal);
> > c) Pass -Wno-format-security, The Kernel does this for over a decade.
>
> Then it probably needs to be revisited there then.
>
> > My vote is c)
>
> I am not fine with c). We don't sanitize for % in environment variable values
> and ignoring the warning has very clear security implications.
Ok, good point.
Then there's of course
d) keep setenv like it was before and introduce
pr_setenv(const char *_name, const char *fmt, ...)
Sascha
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
More information about the barebox
mailing list