This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH, vtv update] Fix /tmp directory issues in libvtv


On 08/09/2013 12:09 AM, Caroline Tice wrote:
+  logs_dir = getenv ("VTV_LOGS_DIR");

This needs to use __secure_getenv or secure_getenv, depending on the glibc version, so that it doesn't wreak havoc in SUID/SGID binaries (or after other kinds of privilege transitions).

Relevant autoconf checks are described here:

<http://sourceware.org/glibc/wiki/Tips_and_Tricks/secure_getenv>

--
Florian Weimer / Red Hat Product Security Team


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]