projects / lttng-ust.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f40806c) | patch
Fix: use lttng_secure_getenv to handle env. vars. involving paths
authorMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Thu, 23 Apr 2015 22:45:05 +0000 (18:45 -0400)
committerMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Thu, 23 Apr 2015 22:51:10 +0000 (18:51 -0400)
commit9fc0207b11453e57dbaa751c64b9291f63dfbe60
treeca74c12a16fe6304599b12d83e0a158cc1d666abtree | snapshot
parentf40806c899f23f6006f38c55438ef8c5b7e69b9ccommit | diff
Fix: use lttng_secure_getenv to handle env. vars. involving paths

This is a security fix for applications linked against liblttng-ust
which are exposed as setuid binaries.

A malicious user which can run those applications could target those
environment variable paths to locations that would allow it to create
files in various areas of the filesystem.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
liblttng-ust/lttng-ust-comm.c diff | blob | blame | history
LTTng 2.0 Userspace Tracer
This page took 0.02602 seconds and 4 git commands to generate.