[Progress Communities] [Progress OpenEdge ABL] Forum Post: RE: TMPDIR environment variable

[Matt Gilarde]

[quote user="Stefan Drissen"] knowledgebase.progress.com/.../P71053 The exclamation mark could indicate that you have raised this question with tech support before ;-) [/quote] Bug OE00101832, which is referenced in this KB article, has detailed information about the issue. Below is what Mike Furgal wrote when closing the bug (14 years ago!). He wrote a C program which retrieves the value of TMPDIR. He made two versions of the program - one that runs as a normal user and one that runs as root. The normal version can see TMPDIR and the root version can't.

I have narrowed this down to the following C program: #include main(argc,argv) int argc; char *argv[]; { char *p = (char *)0; p = getenv(argv[1]); if (p == (char *)0) printf("%s not set\n",argv[1]); else printf("%s = %s\n",argv[1],p); ~ When this is compile using the following steps # gcc -o getenv getenv.c # cp getenv rootgetenv # su root# chown root rootgetenv root# chmod u+s rootgentenv root# exit # ls -l total 36 -rwxrwxr-x 1 mikef rdl 13919 Mar 11 09:46 getenv -rw-rw-r-- 1 mikef rdl 253 Mar 11 09:44 getenv.c -rwsrwxr-x 1 root rdl 13919 Mar 11 09:44 rootgetenv # TMPDIR=/usr1/100a/wrk/mikef/tmp; export TMPDIR # echo $TMPDIR /usr1/100a/wrk/mikef/tmp # ./getenv TMPDIR TMPDIR = /usr1/100a/wrk/mikef/tmp # ./rootgetenv TMPDIR TMPDIR not set However if I use a different variable it works fine. This is tied specifically to the TMPDIR environment variable. Also, when I su on the machine I notice that my TMPDIR environment setting is gone while other environment variable settings remain. $TMPDIR is used in many Unlx/Linux commands and system calls, so it looks to me like a security hole was closed by making root processes lose the setting. Most other environment variables are retained across a setuid() boundary.

Continue reading...