OK, I have removed the attempt to use $HOME for the logs; they will now either go into the directory specified by the environment variable VTV_LOGS_DIR, or they will go into the current directory. I also added code to use secure_getenv, rather than getenv, if it is available. Is this patch ok to commit?
-- Caroline Tice
cmt...@google.com

2013-08-10  Caroline Tice  <cmt...@google.com>

* configure.ac: Add check for __secure_getenv and secure_getenv.
* configure: Regenerate.
* vtv_utils.cc: Include stdlib.h
(HAVE_SECURE_GETENV): Add checks and definitions for secure_getenv.
(log_dirs): Remove file static constant.
(__vtv_open_log): Increase size of log file name. Add the user and process ids to the file name. Do not put the log files in /tmp. Instead try to get the directory name from an environment variable; if that fails use the current directory. Add O_NOFOLLOW to the flags for 'open'. Update function comment.

On Fri, Aug 9, 2013 at 12:06 AM, Florian Weimer <fwei...@redhat.com> wrote:
> On 08/09/2013 12:09 AM, Caroline Tice wrote:
>>
>> + logs_dir = getenv ("VTV_LOGS_DIR");
>
> This needs to use __secure_getenv or secure_getenv, depending on the glibc
> version, so that it doesn't wreak havoc in SUID/SGID binaries (or after
> other kinds of privilege transitions).
>
> Relevant autoconf checks are described here:
>
> <http://sourceware.org/glibc/wiki/Tips_and_Tricks/secure_getenv>
>
> --
> Florian Weimer / Red Hat Product Security Team
Attachment: vtv-update-tmpdir.patch (binary data)
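The approach discussed in this thread, as an added example in C that is neither the attached patch nor GCC's code: the log directory is read with secure_getenv where available, and the file is opened with O_NOFOLLOW. The helper name `example_open_log`, the file-name layout and the glibc version fallback are assumptions made for illustration.

```c
#define _GNU_SOURCE            /* secure_getenv and O_NOFOLLOW on glibc */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Assumption: without a configure-provided HAVE_SECURE_GETENV, detect
   glibc >= 2.17, the first release that exports secure_getenv.  */
#if !defined(HAVE_SECURE_GETENV) && defined(__GLIBC__)
# if __GLIBC_PREREQ(2, 17)
#  define HAVE_SECURE_GETENV 1
# endif
#endif

#ifdef HAVE_SECURE_GETENV
/* Compatible redeclaration, in case _GNU_SOURCE came too late.  */
char *secure_getenv(const char *name);
# define log_getenv secure_getenv
#else
# define log_getenv getenv     /* no protection in SUID/SGID programs */
#endif

/* Hypothetical helper: open NAME for appending in $VTV_LOGS_DIR, or in the
   current directory if the variable is unset, empty, or ignored because
   the process runs in secure-execution mode.  PATH receives the file name.
   Returns a file descriptor, or -1 with errno set.  */
int example_open_log(const char *name, char *path, size_t len)
{
    const char *dir = log_getenv("VTV_LOGS_DIR");
    if (dir == NULL || dir[0] == '\0')
        dir = ".";

    /* User and process ids in the name keep users and runs apart.  */
    int n = snprintf(path, len, "%s/%s_%ld_%ld.log", dir, name,
                     (long) getuid(), (long) getpid());
    if (n < 0 || (size_t) n >= len) {
        errno = ENAMETOOLONG;
        return -1;
    }

    /* O_NOFOLLOW: fail with ELOOP if the final component is a symlink,
       so a pre-planted link cannot redirect the write.  */
    return open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
}
```

O_NOFOLLOW only checks the last path component, so the directory named by VTV_LOGS_DIR still has to be one that other users cannot write to.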