Add OS::running_in_privileged_state

Avoid any getenv toggles or reading /proc if we are setuid/setgid. It is possible there is or will someday be some file in /proc that is world-readable, but if read by a privileged user causes some side effect.
author: Jack Lloyd <[email protected]> 2018-09-27 13:25:56 -0400
committer: Jack Lloyd <[email protected]> 2018-09-27 13:25:56 -0400
commit: 9d94c3f3e0cf9f1234497593516bc2776cc89a0b (patch)
tree: abc2c7850a07b173a657fd561661fd65fd090e08 /src/lib/ffi
parent: 62946a6d82df33fd7c78104f9151a2b6cdc8599e (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/src/lib/ffi/ffi.cpp b/src/lib/ffi/ffi.cpp
index 162d96438..65c8dbcb4 100644
--- a/src/lib/ffi/ffi.cpp
+++ b/src/lib/ffi/ffi.cpp
@@ -6,6 +6,7 @@
 
 #include <botan/ffi.h>
 #include <botan/internal/ffi_util.h>
+#include <botan/internal/os_utils.h>
 #include <botan/version.h>
 #include <botan/mem_ops.h>
 #include <botan/hex.h>
@@ -17,7 +18,7 @@ namespace Botan_FFI {
 
 int ffi_error_exception_thrown(const char* func_name, const char* exn, int rc)
    {
-   if(std::getenv("BOTAN_FFI_PRINT_EXCEPTIONS"))
+   if(Botan::OS::running_in_privileged_state() == false && std::getenv("BOTAN_FFI_PRINT_EXCEPTIONS") != nullptr)
       {
       std::fprintf(stderr, "in %s exception '%s' returning %d\n", func_name, exn, rc);
       }
author	Jack Lloyd <[email protected]>	2018-09-27 13:25:56 -0400
committer	Jack Lloyd <[email protected]>	2018-09-27 13:25:56 -0400
commit	9d94c3f3e0cf9f1234497593516bc2776cc89a0b (patch)
tree	abc2c7850a07b173a657fd561661fd65fd090e08 /src/lib/ffi
parent	62946a6d82df33fd7c78104f9151a2b6cdc8599e (diff)