On 08/09/2013 12:09 AM, Caroline Tice wrote:
+  logs_dir = getenv ("VTV_LOGS_DIR");
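
Review bot: the value assigned to logs_dir on this line can be NULL, both when VTV_LOGS_DIR is unset and, once the lookup is switched to secure_getenv, whenever the process runs in secure-execution mode. Check logs_dir for NULL (and for an empty string) before it is used to build a path, and fall back to a fixed directory in that case. VTV_LOGS_DIR should also be documented, since it lets the environment choose the logs directory.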

This needs to use __secure_getenv or secure_getenv, depending on the glibc version, so that it doesn't wreak havoc in SUID/SGID binaries (or after other kinds of privilege transitions).

Relevant autoconf checks are described here:

<http://sourceware.org/glibc/wiki/Tips_and_Tricks/secure_getenv>

--
Florian Weimer / Red Hat Product Security Team
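
The lookup suggested in the message above, sketched as an added example; it is not part of the original message or of the patch under review. The HAVE_SECURE_GETENV and HAVE___SECURE_GETENV macros are assumed to come from AC_CHECK_FUNCS([__secure_getenv secure_getenv]); vtv_secure_getenv, vtv_logs_dir, the uid/gid fallback and the default directory are hypothetical names and choices made for this sketch.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* glibc declares secure_getenv only with this */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Assumed to be set by configure via
   AC_CHECK_FUNCS([__secure_getenv secure_getenv]).  */
#if defined(HAVE_SECURE_GETENV)
#  define vtv_secure_getenv secure_getenv
#elif defined(HAVE___SECURE_GETENV)
#  define vtv_secure_getenv __secure_getenv
#else
/* Assumption of this sketch: with neither function available, ignore the
   environment whenever real and effective ids differ.  This is weaker than
   glibc's own check, which keys off the kernel's secure-execution flag.  */
static char *
vtv_secure_getenv (const char *name)
{
  if (getuid () != geteuid () || getgid () != getegid ())
    return NULL;
  return getenv (name);
}
#endif

/* Return the directory named by VTV_LOGS_DIR, or FALLBACK when the variable
   is unset, empty, or hidden because of a privilege transition.  */
static const char *
vtv_logs_dir (const char *fallback)
{
  const char *dir = vtv_secure_getenv ("VTV_LOGS_DIR");
  if (dir == NULL || dir[0] == '\0')
    return fallback;
  return dir;
}

int
main (void)
{
  /* "/var/log/vtv" is a constructed default for this example.  */
  printf ("logs dir: %s\n", vtv_logs_dir ("/var/log/vtv"));
  return 0;
}
```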
