This is the mail archive of the
mailing list for the GCC project.
Re: [PATCH, vtv update] Fix /tmp directory issues in libvtv
- From: Florian Weimer <fweimer at redhat dot com>
- To: Caroline Tice <cmtice at google dot com>
- Cc: GCC Patches <gcc-patches at gcc dot gnu dot org>, Diego Novillo <dnovillo at google dot com>, Benjamin Kosnik <bkoz at redhat dot com>, "Joseph S. Myers" <joseph at codesourcery dot com>, Bhaskar Janakiraman <bjanakiraman at google dot com>
- Date: Sun, 11 Aug 2013 22:04:04 +0200
- Subject: Re: [PATCH, vtv update] Fix /tmp directory issues in libvtv
- References: <CABtf2+SE75qwSodDpFjCEQ-DVFtY4B4dhVgMopNUA9z3FaCXRQ at mail dot gmail dot com> <520494FD dot 5030207 at redhat dot com> <CABtf2+SzFffNo78Ey9sr=wsrm8-5_3DzYAE6LALkYu06fHeHfQ at mail dot gmail dot com>
On 08/11/2013 01:08 AM, Caroline Tice wrote:
OK, I have removed the attempt to use $HOME for the logs; they will
now either go into the directory specified by the environment variable
VTV_LOGS_DIR, or they will go into the current directory. I also
added code to use secure_getenv, rather than getenv, if it is
available. Is this patch ok to commit?
+ logs_prefix = secure_getenv ("VTV_LOGS_DIR");
+ if (!logs_prefix || strlen (logs_prefix) == 0)
+ logs_prefix = (char *) ".";
Hmm. If you fall back to the current directory, using secure_getenv
doesn't have the intended security effect. I wonder if we can simply
label this functionality as unsafe for SUID/SGID programs, like we
(hopefully) do for profiling.
Also, logs_prefix should be declared const char *, then the cast can go
away (I hope).
Florian Weimer / Red Hat Product Security Team