From 13efba44993b2b2679677edb5cf75ef17849d621 Mon Sep 17 00:00:00 2001
From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Date: Thu, 23 Apr 2015 18:45:05 -0400
Subject: [PATCH] Fix: use lttng_secure_getenv to handle env. vars. involving
 paths

This is a security fix for applications linked against liblttng-ust
which are exposed as setuid binaries.

A malicious user which can run those applications could target those
environment variable paths to locations that would allow it to create
files in various areas of the filesystem.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
---
 liblttng-ust/lttng-ust-comm.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/liblttng-ust/lttng-ust-comm.c b/liblttng-ust/lttng-ust-comm.c
index ace63bb8..794cba9d 100644
--- a/liblttng-ust/lttng-ust-comm.c
+++ b/liblttng-ust/lttng-ust-comm.c
@@ -55,6 +55,7 @@
 #include "lttng-ust-baddr.h"
 #include "clock.h"
 #include "../libringbuffer/getcpu.h"
+#include "getenv.h"
 
 /*
  * Has lttng ust comm constructor been called ?
@@ -316,11 +317,11 @@ const char *get_lttng_home_dir(void)
 {
        const char *val;
 
-       val = (const char *) getenv("LTTNG_HOME");
+       val = (const char *) lttng_secure_getenv("LTTNG_HOME");
        if (val != NULL) {
                return val;
        }
-       return (const char *) getenv("HOME");
+       return (const char *) lttng_secure_getenv("HOME");
 }
 
 /*
-- 
2.34.1