Fix: use lttng_secure_getenv to handle env. vars. involving paths

This is a security fix for applications linked against liblttng-ust
which are exposed as setuid binaries.

A malicious user which can run those applications could target those
environment variable paths to locations that would allow it to create
files in various areas of the filesystem.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>

diff --git a/liblttng-ust/lttng-ust-comm.c b/liblttng-ust/lttng-ust-comm.c
index f40683d37c306fc3157de9793a258d4f58e0f3fe..3800ba68c06cdb1874f9d6b71e262759911535f6 100644 (file)
--- a/liblttng-ust/lttng-ust-comm.c
+++ b/liblttng-ust/lttng-ust-comm.c
@@ -52,6 +52,7 @@
 #include "compat.h"
 #include "../libringbuffer/tlsfixup.h"
 #include "lttng-ust-baddr.h"
+#include "getenv.h"
 
 /*
  * Has lttng ust comm constructor been called ?
@@ -313,11 +314,11 @@ const char *get_lttng_home_dir(void)
 {
        const char *val;
 
-       val = (const char *) getenv("LTTNG_HOME");
+       val = (const char *) lttng_secure_getenv("LTTNG_HOME");
        if (val != NULL) {
                return val;
        }
-       return (const char *) getenv("HOME");
+       return (const char *) lttng_secure_getenv("HOME");
 }
 
 /*