Add OS::running_in_privileged_state

Avoid any getenv toggles or reading /proc if we are setuid/setgid. It is possible there is or will someday be some file in /proc that is world-readable, but if read by a privileged user causes some side effect.
author: Jack Lloyd <[email protected]> 2018-09-27 13:25:56 -0400
committer: Jack Lloyd <[email protected]> 2018-09-27 13:25:56 -0400
commit: 9d94c3f3e0cf9f1234497593516bc2776cc89a0b (patch)
tree: abc2c7850a07b173a657fd561661fd65fd090e08 /src/lib/entropy
parent: 62946a6d82df33fd7c78104f9151a2b6cdc8599e (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/src/lib/entropy/entropy_srcs.cpp b/src/lib/entropy/entropy_srcs.cpp
index 9141db366..85e0b6dc5 100644
--- a/src/lib/entropy/entropy_srcs.cpp
+++ b/src/lib/entropy/entropy_srcs.cpp
@@ -30,6 +30,7 @@
 
 #if defined(BOTAN_HAS_ENTROPY_SRC_PROC_WALKER)
   #include <botan/internal/proc_walk.h>
+  #include <botan/internal/os_utils.h>
 #endif
 
 #if defined(BOTAN_HAS_ENTROPY_SRC_GETENTROPY)
@@ -97,7 +98,7 @@ std::unique_ptr<Entropy_Source> Entropy_Source::create(const std::string& name)
 #endif
 
 #if defined(BOTAN_HAS_ENTROPY_SRC_PROC_WALKER)
-   if(name == "proc_walk")
+   if(name == "proc_walk" && OS::running_in_privileged_state() == false)
       {
       const std::string root_dir = BOTAN_ENTROPY_PROC_FS_PATH;
       if(!root_dir.empty())
author	Jack Lloyd <[email protected]>	2018-09-27 13:25:56 -0400
committer	Jack Lloyd <[email protected]>	2018-09-27 13:25:56 -0400
commit	9d94c3f3e0cf9f1234497593516bc2776cc89a0b (patch)
tree	abc2c7850a07b173a657fd561661fd65fd090e08 /src/lib/entropy
parent	62946a6d82df33fd7c78104f9151a2b6cdc8599e (diff)