On 08/09/2013 12:09 AM, Caroline Tice wrote:
+ logs_dir = getenv ("VTV_LOGS_DIR");
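Review bot: logs_dir is assigned straight from the environment lookup on this line with no check visible; the lookup returns NULL when VTV_LOGS_DIR is unset, so the code that consumes logs_dir should test it for NULL (and for an empty string) and fall back to a fixed default before building any path from it.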
This needs to use __secure_getenv or secure_getenv, depending on the glibc version, so that it doesn't wreak havoc in SUID/SGID binaries (or after other kinds of privilege transitions).
Relevant autoconf checks are described here: <http://sourceware.org/glibc/wiki/Tips_and_Tricks/secure_getenv>

-- 
Florian Weimer / Red Hat Product Security Team
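An added example, not code from the patch or from the project under review: one way to wrap the VTV_LOGS_DIR lookup so that it picks secure_getenv or __secure_getenv depending on the glibc version. Assumptions: a real build would take the HAVE_* macros from the configure checks on the linked wiki page rather than from the glibc version test used here, and `safe_getenv`, `log_dir_or_default` and the "." fallback directory are hypothetical.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Assumption: a real build gets these macros from configure (config.h).
   Here they are approximated from the glibc version (2.17 added
   secure_getenv) so the file compiles stand-alone. */
#if !defined(HAVE_SECURE_GETENV) && !defined(HAVE___SECURE_GETENV)
# if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
#  if __GLIBC_PREREQ(2, 17)
#   define HAVE_SECURE_GETENV 1
#  else
#   define HAVE___SECURE_GETENV 1
#  endif
# endif
#endif

/* Declared explicitly so the file does not depend on feature-macro order. */
#if defined(HAVE_SECURE_GETENV)
extern char *secure_getenv(const char *name);
#elif defined(HAVE___SECURE_GETENV)
extern char *__secure_getenv(const char *name);
#endif

/* Hypothetical wrapper: yields NULL when the process runs in secure mode. */
static const char *safe_getenv(const char *name)
{
#if defined(HAVE_SECURE_GETENV)
    return secure_getenv(name);
#elif defined(HAVE___SECURE_GETENV)
    return __secure_getenv(name);
#else
    /* Coarse fallback: catches SUID/SGID only, not other transitions. */
    if (getuid() != geteuid() || getgid() != getegid())
        return NULL;
    return getenv(name);
#endif
}

/* Hypothetical helper: unset, empty or ignored variable -> fixed default. */
const char *log_dir_or_default(const char *fallback)
{
    const char *dir = safe_getenv("VTV_LOGS_DIR");
    return (dir != NULL && *dir != '\0') ? dir : fallback;
}

int main(void)
{
    printf("log directory: %s\n", log_dir_or_default("."));
    return 0;
}
```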