[glib: 2/3] g_check_setuid: implement using getauxval(AT_SECURE) with glibc

[Xavier Claessens <xclaesse src gnome org>]

commit a7fefb0e4ef17883f55a0798c925c6f8d98ae964
Author: Christoph Reiter <creiter src gnome org>
Date:   Thu May 31 11:31:23 2018 +0200

    g_check_setuid: implement using getauxval(AT_SECURE) with glibc
    
    See commit 4c2928a544829 for why checking AT_SECURE is preferable compared
    to UID checks as currently done in the fallback case.
    
    getauxval() was added with glibc 2.16
    
    While glibc <2.19 didn't provide a way to differentiate a 0 return value from an error,
    passing AT_SECURE should always succeed according to
    https://sourceware.org/ml/libc-alpha/2014-07/msg00407.html
    I've added an errno check anyway, to be on the safe side.

 config.h.meson |  3 +++
 configure.ac   |  2 +-
 glib/gutils.c  | 15 +++++++++++++--
 meson.build    |  1 +
 4 files changed, 18 insertions(+), 3 deletions(-)
---
diff --git a/config.h.meson b/config.h.meson
index 5752751ed..e9f4c4e6d 100644
--- a/config.h.meson
+++ b/config.h.meson
@@ -525,6 +525,9 @@
    */
 #mesondefine HAVE_SYS_DIR_H
 
+/* Define to 1 if you have the <sys/auxv.h> header file. */
+#mesondefine HAVE_SYS_AUXV_H
+
 /* Define to 1 if you have the <sys/event.h> header file. */
 #mesondefine HAVE_SYS_EVENT_H
 
diff --git a/configure.ac b/configure.ac
index 18752b264..8d05659ca 100644
--- a/configure.ac
+++ b/configure.ac
@@ -674,7 +674,7 @@ fi
 # check for header files
 AC_CHECK_HEADERS([sys/param.h sys/resource.h mach/mach_time.h])
 AC_CHECK_HEADERS([sys/select.h stdint.h inttypes.h sched.h malloc.h])
-AC_CHECK_HEADERS([sys/vfs.h sys/vmount.h sys/statfs.h sys/statvfs.h sys/filio.h])
+AC_CHECK_HEADERS([sys/vfs.h sys/vmount.h sys/statfs.h sys/statvfs.h sys/filio.h sys/auxv.h])
 AC_CHECK_HEADERS([mntent.h sys/mnttab.h sys/vfstab.h sys/mntctl.h fstab.h])
 AC_CHECK_HEADERS([linux/magic.h])
 AC_CHECK_HEADERS([termios.h])
diff --git a/glib/gutils.c b/glib/gutils.c
index 5527a402c..2b750aba9 100644
--- a/glib/gutils.c
+++ b/glib/gutils.c
@@ -50,6 +50,9 @@
 #ifdef HAVE_CRT_EXTERNS_H 
 #include <crt_externs.h> /* for _NSGetEnviron */
 #endif
+#ifdef HAVE_SYS_AUXV_H
+#include <sys/auxv.h>
+#endif
 
 #include "glib-init.h"
 #include "glib-private.h"
@@ -2500,9 +2503,17 @@ const gchar *g_get_tmp_dir_utf8 (void) { return g_get_tmp_dir (); }
 gboolean
 g_check_setuid (void)
 {
-/* TODO: use getauxval(AT_SECURE) if available */
+#if defined(HAVE_SYS_AUXV_H)
+  unsigned long value;
+  int errsv;
 
-#if defined(HAVE_ISSETUGID) && !defined(__BIONIC__)
+  errno = 0;
+  value = getauxval (AT_SECURE);
+  errsv = errno;
+  if (errsv)
+    g_error ("getauxval () failed: %s", g_strerror (errsv));
+  return value;
+#elif defined(HAVE_ISSETUGID) && !defined(__BIONIC__)
   /* BSD: http://www.freebsd.org/cgi/man.cgi?query=issetugid&sektion=2 */
 
   /* Android had it in older versions but the new 64 bit ABI does not
diff --git a/meson.build b/meson.build
index 6eb67cff2..a89ca55cd 100644
--- a/meson.build
+++ b/meson.build
@@ -229,6 +229,7 @@ headers = [
   'stdlib.h',
   'string.h',
   'strings.h',
+  'sys/auxv.h',
   'sys/event.h',
   'sys/filio.h',
   'sys/inotify.h',