src: make copies of startup environment variables by bnoordhuis · Pull Request #11051 · nodejs/node
Expand Up
@@ -156,7 +156,7 @@ static const char* trace_enabled_categories = nullptr;
#if defined(NODE_HAVE_I18N_SUPPORT) // Path to ICU data (for i18n / Intl) static const char* icu_data_dir = nullptr; static std::string icu_data_dir; // NOLINT(runtime/string) #endif
// used by C++ modules as well Expand Down Expand Up @@ -189,7 +189,7 @@ bool trace_warnings = false; bool config_preserve_symlinks = false;
// Set in node.cc by ParseArgs when --redirect-warnings= is used. const char* config_warning_file; std::string config_warning_file; // NOLINT(runtime/string)
bool v8_initialized = false;
Expand Down Expand Up @@ -924,12 +924,21 @@ Local<Value> UVException(Isolate* isolate,
// Look up environment variable unless running as setuid root. inline const char* secure_getenv(const char* key) { inline bool SafeGetenv(const char* key, std::string* text) { #ifndef _WIN32 if (getuid() != geteuid() || getgid() != getegid()) return nullptr; // TODO(bnoordhuis) Should perhaps also check whether getauxval(AT_SECURE) // is non-zero on Linux. if (getuid() != geteuid() || getgid() != getegid()) { text->clear(); return false; } #endif return getenv(key); if (const char* value = getenv(key)) { *text = value; return true; } text->clear(); return false; }
Expand Down Expand Up @@ -3089,11 +3098,11 @@ void SetupProcessObject(Environment* env, #if defined(NODE_HAVE_I18N_SUPPORT) && defined(U_ICU_VERSION) // ICU-related versions are now handled on the js side, see bootstrap_node.js
if (icu_data_dir != nullptr) { if (!icu_data_dir.empty()) { // Did the user attempt (via env var or parameter) to set an ICU path? READONLY_PROPERTY(process, "icu_data_dir", OneByteString(env->isolate(), icu_data_dir)); OneByteString(env->isolate(), icu_data_dir.c_str())); } #endif
Expand Down Expand Up @@ -3741,7 +3750,7 @@ static void ParseArgs(int* argc, #endif /* HAVE_OPENSSL */ #if defined(NODE_HAVE_I18N_SUPPORT) } else if (strncmp(arg, "--icu-data-dir=", 15) == 0) { icu_data_dir = arg + 15; icu_data_dir.assign(arg, 15); #endif } else if (strcmp(arg, "--expose-internals") == 0 || strcmp(arg, "--expose_internals") == 0) { Expand Down Expand Up @@ -4228,13 +4237,14 @@ void Init(int* argc, #endif
// Allow for environment set preserving symlinks. if (auto preserve_symlinks = secure_getenv("NODE_PRESERVE_SYMLINKS")) { config_preserve_symlinks = (*preserve_symlinks == '1'); { std::string text; config_preserve_symlinks = SafeGetenv("NODE_PRESERVE_SYMLINKS", &text) && text[0] == '1'; }
if (auto redirect_warnings = secure_getenv("NODE_REDIRECT_WARNINGS")) { config_warning_file = redirect_warnings; } if (config_warning_file.empty()) SafeGetenv("NODE_REDIRECT_WARNINGS", &config_warning_file);
// Parse a few arguments which are specific to Node. int v8_argc; Expand Down Expand Up @@ -4262,12 +4272,11 @@ void Init(int* argc, #endif
#if defined(NODE_HAVE_I18N_SUPPORT) if (icu_data_dir == nullptr) { // if the parameter isn't given, use the env variable. icu_data_dir = secure_getenv("NODE_ICU_DATA"); } // If the parameter isn't given, use the env variable. if (icu_data_dir.empty()) SafeGetenv("NODE_ICU_DATA", &icu_data_dir); // Initialize ICU. // If icu_data_dir is nullptr here, it will load the 'minimal' data. // If icu_data_dir is empty here, it will load the 'minimal' data. if (!i18n::InitializeICUDirectory(icu_data_dir)) { FatalError(nullptr, "Could not initialize ICU " "(check NODE_ICU_DATA or --icu-data-dir parameters)"); Expand Down Expand Up @@ -4532,8 +4541,11 @@ int Start(int argc, char** argv) { Init(&argc, const_cast<const char**>(argv), &exec_argc, &exec_argv);
#if HAVE_OPENSSL if (const char* extra = secure_getenv("NODE_EXTRA_CA_CERTS")) crypto::UseExtraCaCerts(extra); { std::string extra_ca_certs; if (SafeGetenv("NODE_EXTRA_CA_CERTS", &extra_ca_certs)) crypto::UseExtraCaCerts(extra_ca_certs); } #ifdef NODE_FIPS_MODE // In the case of FIPS builds we should make sure // the random source is properly initialized first. Expand All @@ -4542,7 +4554,7 @@ int Start(int argc, char** argv) { // V8 on Windows doesn't have a good source of entropy. Seed it from // OpenSSL's pool. V8::SetEntropySource(crypto::EntropySource); #endif #endif // HAVE_OPENSSL
v8_platform.Initialize(v8_thread_pool_size); // Enable tracing when argv has --trace-events-enabled. Expand Down
#if defined(NODE_HAVE_I18N_SUPPORT) // Path to ICU data (for i18n / Intl) static const char* icu_data_dir = nullptr; static std::string icu_data_dir; // NOLINT(runtime/string) #endif
// used by C++ modules as well Expand Down Expand Up @@ -189,7 +189,7 @@ bool trace_warnings = false; bool config_preserve_symlinks = false;
// Set in node.cc by ParseArgs when --redirect-warnings= is used. const char* config_warning_file; std::string config_warning_file; // NOLINT(runtime/string)
bool v8_initialized = false;
Expand Down Expand Up @@ -924,12 +924,21 @@ Local<Value> UVException(Isolate* isolate,
// Look up environment variable unless running as setuid root. inline const char* secure_getenv(const char* key) { inline bool SafeGetenv(const char* key, std::string* text) { #ifndef _WIN32 if (getuid() != geteuid() || getgid() != getegid()) return nullptr; // TODO(bnoordhuis) Should perhaps also check whether getauxval(AT_SECURE) // is non-zero on Linux. if (getuid() != geteuid() || getgid() != getegid()) { text->clear(); return false; } #endif return getenv(key); if (const char* value = getenv(key)) { *text = value; return true; } text->clear(); return false; }
Expand Down Expand Up @@ -3089,11 +3098,11 @@ void SetupProcessObject(Environment* env, #if defined(NODE_HAVE_I18N_SUPPORT) && defined(U_ICU_VERSION) // ICU-related versions are now handled on the js side, see bootstrap_node.js
if (icu_data_dir != nullptr) { if (!icu_data_dir.empty()) { // Did the user attempt (via env var or parameter) to set an ICU path? READONLY_PROPERTY(process, "icu_data_dir", OneByteString(env->isolate(), icu_data_dir)); OneByteString(env->isolate(), icu_data_dir.c_str())); } #endif
Expand Down Expand Up @@ -3741,7 +3750,7 @@ static void ParseArgs(int* argc, #endif /* HAVE_OPENSSL */ #if defined(NODE_HAVE_I18N_SUPPORT) } else if (strncmp(arg, "--icu-data-dir=", 15) == 0) { icu_data_dir = arg + 15; icu_data_dir.assign(arg, 15); #endif } else if (strcmp(arg, "--expose-internals") == 0 || strcmp(arg, "--expose_internals") == 0) { Expand Down Expand Up @@ -4228,13 +4237,14 @@ void Init(int* argc, #endif
// Allow for environment set preserving symlinks. if (auto preserve_symlinks = secure_getenv("NODE_PRESERVE_SYMLINKS")) { config_preserve_symlinks = (*preserve_symlinks == '1'); { std::string text; config_preserve_symlinks = SafeGetenv("NODE_PRESERVE_SYMLINKS", &text) && text[0] == '1'; }
if (auto redirect_warnings = secure_getenv("NODE_REDIRECT_WARNINGS")) { config_warning_file = redirect_warnings; } if (config_warning_file.empty()) SafeGetenv("NODE_REDIRECT_WARNINGS", &config_warning_file);
// Parse a few arguments which are specific to Node. int v8_argc; Expand Down Expand Up @@ -4262,12 +4272,11 @@ void Init(int* argc, #endif
#if defined(NODE_HAVE_I18N_SUPPORT) if (icu_data_dir == nullptr) { // if the parameter isn't given, use the env variable. icu_data_dir = secure_getenv("NODE_ICU_DATA"); } // If the parameter isn't given, use the env variable. if (icu_data_dir.empty()) SafeGetenv("NODE_ICU_DATA", &icu_data_dir); // Initialize ICU. // If icu_data_dir is nullptr here, it will load the 'minimal' data. // If icu_data_dir is empty here, it will load the 'minimal' data. if (!i18n::InitializeICUDirectory(icu_data_dir)) { FatalError(nullptr, "Could not initialize ICU " "(check NODE_ICU_DATA or --icu-data-dir parameters)"); Expand Down Expand Up @@ -4532,8 +4541,11 @@ int Start(int argc, char** argv) { Init(&argc, const_cast<const char**>(argv), &exec_argc, &exec_argv);
#if HAVE_OPENSSL if (const char* extra = secure_getenv("NODE_EXTRA_CA_CERTS")) crypto::UseExtraCaCerts(extra); { std::string extra_ca_certs; if (SafeGetenv("NODE_EXTRA_CA_CERTS", &extra_ca_certs)) crypto::UseExtraCaCerts(extra_ca_certs); } #ifdef NODE_FIPS_MODE // In the case of FIPS builds we should make sure // the random source is properly initialized first. Expand All @@ -4542,7 +4554,7 @@ int Start(int argc, char** argv) { // V8 on Windows doesn't have a good source of entropy. Seed it from // OpenSSL's pool. V8::SetEntropySource(crypto::EntropySource); #endif #endif // HAVE_OPENSSL
v8_platform.Initialize(v8_thread_pool_size); // Enable tracing when argv has --trace-events-enabled. Expand Down