This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH, vtv update] Fix /tmp directory issues in libvtv


OK, I have removed the attempt to use $HOME for the logs; they will
now either go into the directory specified by the environment variable
VTV_LOGS_DIR, or they will go into the current directory.  I also
added code to use secure_getenv, rather than getenv, if it is
available.  Is this patch ok to commit?

-- Caroline Tice
cmtice@google.com

2013-08-10  Caroline Tice  <cmtice@google.com>

* configure.ac: Add check for __secure_getenv and secure_getenv.
* configure: Regenerate.
* vtv_utils.cc : Include stdlib.h
(HAVE_SECURE_GETENV): Add checks and definitions for secure_getenv.
(log_dirs): Remove file static constant.
(__vtv_open_log):  Increase size of log file name.  Add the user
and process ids to the file name. Do not put the log files in /tmp.
Instead try to get the directory name from an environment variable; if
that fails use the current directory.  Add O_NOFOLLOW to the flags
for 'open'.  Update function comment.

On Fri, Aug 9, 2013 at 12:06 AM, Florian Weimer <fweimer@redhat.com> wrote:
> On 08/09/2013 12:09 AM, Caroline Tice wrote:
>>
>> +  logs_dir = getenv ("VTV_LOGS_DIR");
>
>
> This needs to use __secure_getenv or secure_getenv, depending on the glibc
> version, so that it doesn't wreak havoc in SUID/SGID binaries (or after
> other kinds of privilege transitions).
>
> Relevant autoconf checks are described here:
>
> <http://sourceware.org/glibc/wiki/Tips_and_Tricks/secure_getenv>
>
> --
> Florian Weimer / Red Hat Product Security Team

Attachment: vtv-update-tmpdir.patch
Description: Binary data


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]