This is a security fix for applications linked against liblttng-ust
which are exposed as setuid binaries.
A malicious user which can run those applications could target those
environment variable paths to locations that would allow it to create
files in various areas of the filesystem.
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
#include "lttng-ust-baddr.h"
#include "clock.h"
#include "../libringbuffer/getcpu.h"
+#include "getenv.h"
/*
* Has lttng ust comm constructor been called ?
{
const char *val;
- val = (const char *) getenv("LTTNG_HOME");
+ val = (const char *) lttng_secure_getenv("LTTNG_HOME");
if (val != NULL) {
return val;
}
- return (const char *) getenv("HOME");
+ return (const char *) lttng_secure_getenv("HOME");
}
/*