projects / lttng-ust.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2851590) | patch
Fix: use lttng_secure_getenv to handle env. vars. involving paths
authorMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Thu, 23 Apr 2015 22:45:05 +0000 (18:45 -0400)
committerMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Thu, 23 Apr 2015 22:45:05 +0000 (18:45 -0400)
commit13efba44993b2b2679677edb5cf75ef17849d621
treecda31121cd49e2c28a0f294a31efbadb6dcd3b4dtree | snapshot
parent28515902a0c1d721e1a92c4a25f20574e0e4f24acommit | diff
Fix: use lttng_secure_getenv to handle env. vars. involving paths

This is a security fix for applications linked against liblttng-ust
which are exposed as setuid binaries.

A malicious user which can run those applications could target those
environment variable paths to locations that would allow it to create
files in various areas of the filesystem.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
liblttng-ust/lttng-ust-comm.c diff | blob | blame | history
LTTng 2.0 Userspace Tracer
This page took 0.026962 seconds and 4 git commands to generate.