if (!machine_name_is_valid(machine))
goto not_found;
- if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0)
+ if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0)
/* Make sure we can't deadlock if we are invoked by dbus-daemon. This way, it won't be able to resolve
* these UIDs, but that should be unproblematic as containers should never be able to connect to a bus
* running on the host. */
if (uid < HOST_UID_LIMIT)
goto not_found;
- if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0)
+ if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0)
goto not_found;
r = sd_bus_open_system(&bus);
if (!machine_name_is_valid(machine))
goto not_found;
- if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0)
+ if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0)
goto not_found;
r = sd_bus_open_system(&bus);
if (gid < HOST_GID_LIMIT)
goto not_found;
- if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0)
+ if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0)
goto not_found;
r = sd_bus_open_system(&bus);
goto not_found;
/* Synthesize entries for the root and nobody users, in case they are missing in /etc/passwd */
- if (getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
+ if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
if (streq(name, root_passwd.pw_name)) {
*pwd = root_passwd;
*errnop = 0;
}
/* Make sure that we don't go in circles when allocating a dynamic UID by checking our own database */
- if (getenv_bool("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
+ if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
goto not_found;
- if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0) {
+ if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0) {
/* Access the dynamic UID allocation directly if we are called from dbus-daemon, see above. */
r = direct_lookup_name(name, (uid_t*) &translated);
goto not_found;
/* Synthesize data for the root user and for nobody in case they are missing from /etc/passwd */
- if (getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
+ if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
if (uid == root_passwd.pw_uid) {
*pwd = root_passwd;
*errnop = 0;
if (uid <= SYSTEM_UID_MAX)
goto not_found;
- if (getenv_bool("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
+ if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
goto not_found;
- if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0) {
+ if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0) {
r = direct_lookup_uid(uid, &direct);
if (r == -ENOENT)
goto not_found;
/* Synthesize records for root and nobody, in case they are missing form /etc/group */
- if (getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
+ if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
if (streq(name, root_group.gr_name)) {
*gr = root_group;
*errnop = 0;
}
}
- if (getenv_bool("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
+ if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
goto not_found;
- if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0) {
+ if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0) {
/* Access the dynamic GID allocation directly if we are called from dbus-daemon, see above. */
r = direct_lookup_name(name, (uid_t*) &translated);
goto not_found;
/* Synthesize records for root and nobody, in case they are missing from /etc/group */
- if (getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
+ if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
if (gid == root_group.gr_gid) {
*gr = root_group;
*errnop = 0;
if (gid <= SYSTEM_GID_MAX)
goto not_found;
- if (getenv_bool("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
+ if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
goto not_found;
- if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0) {
+ if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0) {
r = direct_lookup_uid(gid, &direct);
if (r == -ENOENT)