Diffstat (limited to 'lib/secure_getenv.c')
-rw-r--r-- | lib/secure_getenv.c | 31 |
1 files changed, 22 insertions, 9 deletions
diff --git a/lib/secure_getenv.c b/lib/secure_getenv.c
index 7b86173bb..821cb092d 100644
--- a/lib/secure_getenv.c
+++ b/lib/secure_getenv.c
@@ -1,6 +1,6 @@
-/* Look up an environment variable more securely.
+/* Look up an environment variable, returning NULL in insecure situations.
- Copyright 2013-2014 Free Software Foundation, Inc.
+ Copyright 2013-2016 Free Software Foundation, Inc.
 This program is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published
@@ -20,22 +20,35 @@
 #include <stdlib.h>
 #if !HAVE___SECURE_GETENV
-# if HAVE_ISSETUGID
+# if HAVE_ISSETUGID || (HAVE_GETUID && HAVE_GETEUID && HAVE_GETGID && HAVE_GETEGID)
 # include <unistd.h>
-# else
-# undef issetugid
-# define issetugid() 1
 # endif
 #endif
 char * secure_getenv (char const *name) {
-#if HAVE___SECURE_GETENV
+#if HAVE___SECURE_GETENV /* glibc */
 return __secure_getenv (name);
-#else
+#elif HAVE_ISSETUGID /* OS X, FreeBSD, NetBSD, OpenBSD */
 if (issetugid ())
- return 0;
+ return NULL;
+ return getenv (name);
+#elif HAVE_GETUID && HAVE_GETEUID && HAVE_GETGID && HAVE_GETEGID /* other Unix */
+ if (geteuid () != getuid () || getegid () != getgid ())
+ return NULL;
 return getenv (name);
+#elif (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__ /* native Windows */
+ /* On native Windows, there is no such concept as setuid or setgid binaries.
+ - Programs launched as system services have high privileges, but they don't
+ inherit environment variables from a user.
+ - Programs launched by a user with "Run as Administrator" have high
+ privileges and use the environment variables, but the user has been asked
+ whether he agrees.
+ - Programs launched by a user without "Run as Administrator" cannot gain
+ high privileges, therefore there is no risk. */
+ return getenv (name);
+#else
+ return NULL;
 #endif
 }
|
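Review bot: The `geteuid () != getuid () || getegid () != getgid ()` test in the new "other Unix" branch of secure_getenv is a weaker signal than the `issetugid ()` branch above it, and nothing in the code says so. It only sees a difference that still exists at the time of the call, so a program that started set-user-ID or set-group-ID and has since made its real and effective IDs equal would get the caller-controlled environment value back. I would document that limit next to the test, e.g. `/* Weaker than issetugid: IDs made equal after a set-ID exec are not detected.  */`, so users of this fallback know to call secure_getenv before changing IDs. The final `#else` / `return NULL;` default fails closed, which is good; whether HAVE_GETUID and the related macros are actually defined by configure is outside this file's diff and worth confirming.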