nss: use secure_getenv for behaviour-modifying booleans (#6817)

Follow up for fe102d6ab15731a199a7ea9f38c4f68d8959f86c.

1 files changed, 4 insertions, 4 deletions

diff --git a/src/nss-mymachines/nss-mymachines.c b/src/nss-mymachines/nss-mymachines.c
index ea90953abb..6e468853a2 100644
--- a/src/nss-mymachines/nss-mymachines.c
+++ b/src/nss-mymachines/nss-mymachines.c
@@ -435,7 +435,7 @@ enum nss_status _nss_mymachines_getpwnam_r(
         if (!machine_name_is_valid(machine))
                 goto not_found;
 
-        if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0)
+        if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0)
                 /* Make sure we can't deadlock if we are invoked by dbus-daemon. This way, it won't be able to resolve
                  * these UIDs, but that should be unproblematic as containers should never be able to connect to a bus
                  * running on the host. */
@@ -519,7 +519,7 @@ enum nss_status _nss_mymachines_getpwuid_r(
         if (uid < HOST_UID_LIMIT)
                 goto not_found;
 
-        if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0)
+        if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0)
                 goto not_found;
 
         r = sd_bus_open_system(&bus);
@@ -613,7 +613,7 @@ enum nss_status _nss_mymachines_getgrnam_r(
         if (!machine_name_is_valid(machine))
                 goto not_found;
 
-        if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0)
+        if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0)
                 goto not_found;
 
         r = sd_bus_open_system(&bus);
@@ -691,7 +691,7 @@ enum nss_status _nss_mymachines_getgrgid_r(
         if (gid < HOST_GID_LIMIT)
                 goto not_found;
 
-        if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0)
+        if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0)
                 goto not_found;
 
         r = sd_bus_open_system(&bus);