[libcamera-devel] [PATCH 4/4] libcamera: log: Fallback to getenv on non-gnu systems
Laurent Pinchart
laurent.pinchart at ideasonboard.com
Sat Mar 23 00:03:36 CET 2019
Hi Kieran,
Thank you for the patch.
On Fri, Mar 22, 2019 at 10:43:50AM +0000, Kieran Bingham wrote:
> The secure_getenv() call is not provided by all toolchains. Support
> compilation without this feature by falling back to the default getenv()
> functionality.
>
> Signed-off-by: Kieran Bingham <kieran.bingham at ideasonboard.com>
> ---
> src/libcamera/log.cpp | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/src/libcamera/log.cpp b/src/libcamera/log.cpp
> index 7d930cd6b99e..a44bd941e615 100644
> --- a/src/libcamera/log.cpp
> +++ b/src/libcamera/log.cpp
> @@ -49,6 +49,15 @@
>
> namespace libcamera {
>
> +
> +/*
> + * secure_getenv is a GNU-specific extension to the C-Library.
> + * fall back to the default getenv when it is not available.
> + */
> +#ifndef HAVE_SECURE_GETENV
Where is HAVE_SECURE_GETENV defined ?
> +#define secure_getenv getenv
This means that a setuid-root binary linked to libcamera could be used
to overwrite any file on the system through the logging infrastructure.
There should be no setuid binaries linking to libcamera in the first
place, but I would still prefer avoiding this potential security issue.
> +#endif
> +
> /**
> * \brief Message logger
> *
--
Regards,
Laurent Pinchart
More information about the libcamera-devel
mailing list