Richard W.M. Jones
2023-May-07 10:43 UTC
[Libguestfs] [PATCH nbdkit] server: Add -D nbdkit.environ=1 to dump the environment
This is not secure so should not be used routinely. Also we do not attempt to filter environment variables, so even ones containing multiple lines or special characters are all sent to nbdkit_debug. The reason for adding this is to allow for debugging the new nbd_set_socket_activation_name(3) API added in libnbd 1.16. --- docs/nbdkit.pod | 10 ++++++++++ server/main.c | 28 ++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) diff --git a/docs/nbdkit.pod b/docs/nbdkit.pod index 83cf6a11c..22350cc08 100644 --- a/docs/nbdkit.pod +++ b/docs/nbdkit.pod @@ -619,6 +619,16 @@ are numerous and not usually very interesting. S<I<-D nbdkit.backend.controlpath=0>> suppresses the non-datapath commands (config, open, close, can_write, etc.) +=item B<-D nbdkit.environ=1> + +(not Windows) + +Print nbdkit's environment variables in the debug output at start up. +This is insecure because environment variables may contain both +sensitive and user-controlled information, so it should not be used +routinely. But it is useful for tracking down problems related to +environment variables. + =item B<-D nbdkit.tls.log=>N Enable TLS logging. C<N> can be in the range 0 (no logging) to 99. diff --git a/server/main.c b/server/main.c index 1df5d69ac..7b6adc3cc 100644 --- a/server/main.c +++ b/server/main.c @@ -210,6 +210,26 @@ dump_config (void) #endif } +#ifndef WIN32 + +/* -D nbdkit.environ=1 to dump the environment at start up. */ +NBDKIT_DLL_PUBLIC int nbdkit_debug_environ; + +#ifndef HAVE_ENVIRON_DECL +extern char **environ; +#endif + +static void +dump_environment (void) +{ + size_t i; + + for (i = 0; environ[i]; ++i) + nbdkit_debug ("%s", environ[i]); +} + +#endif /* !WIN32 */ + int main (int argc, char *argv[]) { @@ -662,6 +682,14 @@ main (int argc, char *argv[]) /* Check all debug flags were used, and free them. */ free_debug_flags (); +#ifndef WIN32 + /* Dump the environment if asked. This is the earliest we can do it + * because it uses a debug flag. + */ + if (nbdkit_debug_environ && verbose) + dump_environment (); +#endif + if (help) { struct backend *b; -- 2.39.2
Laszlo Ersek
2023-May-08 06:54 UTC
[Libguestfs] [PATCH nbdkit] server: Add -D nbdkit.environ=1 to dump the environment
On 5/7/23 12:43, Richard W.M. Jones wrote:> This is not secure so should not be used routinely. Also we do not > attempt to filter environment variables, so even ones containing > multiple lines or special characters are all sent to nbdkit_debug. > > The reason for adding this is to allow for debugging the new > nbd_set_socket_activation_name(3) API added in libnbd 1.16. > --- > docs/nbdkit.pod | 10 ++++++++++ > server/main.c | 28 ++++++++++++++++++++++++++++ > 2 files changed, 38 insertions(+) > > diff --git a/docs/nbdkit.pod b/docs/nbdkit.pod > index 83cf6a11c..22350cc08 100644 > --- a/docs/nbdkit.pod > +++ b/docs/nbdkit.pod > @@ -619,6 +619,16 @@ are numerous and not usually very interesting. > S<I<-D nbdkit.backend.controlpath=0>> suppresses the non-datapath > commands (config, open, close, can_write, etc.) > > +=item B<-D nbdkit.environ=1> > + > +(not Windows) > + > +Print nbdkit's environment variables in the debug output at start up. > +This is insecure because environment variables may contain both > +sensitive and user-controlled information, so it should not be used > +routinely. But it is useful for tracking down problems related to > +environment variables. > + > =item B<-D nbdkit.tls.log=>N > > Enable TLS logging. C<N> can be in the range 0 (no logging) to 99. > diff --git a/server/main.c b/server/main.c > index 1df5d69ac..7b6adc3cc 100644 > --- a/server/main.c > +++ b/server/main.c > @@ -210,6 +210,26 @@ dump_config (void) > #endif > } > > +#ifndef WIN32 > + > +/* -D nbdkit.environ=1 to dump the environment at start up. */ > +NBDKIT_DLL_PUBLIC int nbdkit_debug_environ; > + > +#ifndef HAVE_ENVIRON_DECL > +extern char **environ; > +#endif > + > +static void > +dump_environment (void) > +{ > + size_t i; > + > + for (i = 0; environ[i]; ++i) > + nbdkit_debug ("%s", environ[i]); > +} > + > +#endif /* !WIN32 */ > + > int > main (int argc, char *argv[]) > { > @@ -662,6 +682,14 @@ main (int argc, char *argv[]) > /* Check all debug flags were used, and free them. */ > free_debug_flags (); > > +#ifndef WIN32 > + /* Dump the environment if asked. This is the earliest we can do it > + * because it uses a debug flag. > + */ > + if (nbdkit_debug_environ && verbose) > + dump_environment (); > +#endif > + > if (help) { > struct backend *b; >I was surprised not to see any assignment to the new global variable, but then I found "server/debug-flags.c"; that's some serious wizardry. Side thought: should we not make both "nbdkit_debug_environ" (and friends), and the target of the "sym" pointer in "apply_debug_flags", volatile? Aliasing doesn't get much more obscure than this, and I wonder if this has the potential to blow up later, when compilers (and processors) get even more clever. Of course POSIX could always say "this is just required to work", which I guess would be fine, but currently it doesn't seem to say it. Anyway: Acked-by: Laszlo Ersek <lersek at redhat.com> Thanks for writing the patch! Laszlo
Eric Blake
2023-May-08 13:35 UTC
[Libguestfs] [PATCH nbdkit] server: Add -D nbdkit.environ=1 to dump the environment
On Sun, May 07, 2023 at 11:43:17AM +0100, Richard W.M. Jones wrote:> This is not secure so should not be used routinely. Also we do not > attempt to filter environment variables, so even ones containing > multiple lines or special characters are all sent to nbdkit_debug. > > The reason for adding this is to allow for debugging the new > nbd_set_socket_activation_name(3) API added in libnbd 1.16. > ---> +static void > +dump_environment (void) > +{ > + size_t i; > + > + for (i = 0; environ[i]; ++i) > + nbdkit_debug ("%s", environ[i]);We have shell_quote in common/utils/quote.c; shouldn't we use it here to avoid ambiguities when an env-var contains newline?> +} > + > +#endif /* !WIN32 */ > + > int > main (int argc, char *argv[]) > { > @@ -662,6 +682,14 @@ main (int argc, char *argv[]) > /* Check all debug flags were used, and free them. */ > free_debug_flags (); > > +#ifndef WIN32 > + /* Dump the environment if asked. This is the earliest we can do it > + * because it uses a debug flag. > + */ > + if (nbdkit_debug_environ && verbose) > + dump_environment ();Why does this not work on WIN32? -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3266 Virtualization: qemu.org | libvirt.org
Apparently Analagous Threads
- [PATCH nbdkit] freebsd, openbsd: Add an extern decl for environ.
- [PATCH nbdkit 4/7] server: Allow -D nbdkit.* debug flags for the core server.
- [PATCH nbdkit 3/9] server: Add log_verror function.
- [PATCH nbdkit 2/9] server: Rename replacement vfprintf function.
- 2nd try: Lots of RPC-related compile errors (conflicting types, too many arguments, ...) trying to update Samba from 3.5 to 4.6