projects / lttng-ust.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c67ad70) | patch
Fix: use lttng_secure_getenv to handle env. vars. involving paths
authorMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Thu, 23 Apr 2015 22:45:05 +0000 (18:45 -0400)
committerMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Thu, 23 Apr 2015 22:50:20 +0000 (18:50 -0400)
commitab7ffb47327c43dff0b56d5763f0c6ce2d68f919
tree85f61d159eb69a7c2beac9ff666958f7049f609etree | snapshot
parentc67ad70ef8b57f81015f30e16fba62e940388832commit | diff
Fix: use lttng_secure_getenv to handle env. vars. involving paths

This is a security fix for applications linked against liblttng-ust
which are exposed as setuid binaries.

A malicious user which can run those applications could target those
environment variable paths to locations that would allow it to create
files in various areas of the filesystem.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
liblttng-ust/lttng-ust-comm.c diff | blob | blame | history
LTTng 2.0 Userspace Tracer
This page took 0.025171 seconds and 4 git commands to generate.