https://bugs.dpdk.org/show_bug.cgi?id=109
Bug ID: 109
Summary: Using the environment variable to get the filepath
Product: DPDK
Version: 17.11
Hardware: All
OS: All
Status: IN_PROGRESS
Severity: minor
Priority: Normal
Component: ethdev
Assignee: dev@dpdk.org
Reporter: andy01011...@163.com
Target Milestone: 17.11
In some functions like
eal_runtime_config_path,
eal_hugepage_info_path,
rte_pci_get_sysfs_path,
DPDK use the environment variable to get the file path like the code below:
const char *rte_pci_get_sysfs_path(void)
{
const char *path = NULL;
path = getenv("SYSFS_PCI_DEVICES");
if (path == NULL)
return SYSFS_PCI_DEVICES;
return path;
}
There are some risks when the envs are changed to some path like
"../../../etc/passwd" and the attackers have chances to construct file paths
for unauthorized access.
--
You are receiving this mail because:
You are the assignee for the bug.
