projects
/
lttng-tools.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fix: setuid/setgid daemons should not get sensitive env. var./args
[lttng-tools.git]
/
src
/
bin
/
lttng
/
lttng.c
diff --git
a/src/bin/lttng/lttng.c
b/src/bin/lttng/lttng.c
index e4a8fd23ca2cfd92639734b0d74ff7b7c819253d..8e5bb0fd468cd52b670f8dfef3b62250b7ec5aed 100644
(file)
--- a/
src/bin/lttng/lttng.c
+++ b/
src/bin/lttng/lttng.c
@@
-16,6
+16,7
@@
*/
#define _GNU_SOURCE
*/
#define _GNU_SOURCE
+#define _LGPL_SOURCE
#include <getopt.h>
#include <signal.h>
#include <stdio.h>
#include <getopt.h>
#include <signal.h>
#include <stdio.h>
@@
-29,6
+30,7
@@
#include <lttng/lttng.h>
#include <common/error.h>
#include <lttng/lttng.h>
#include <common/error.h>
+#include <common/compat/getenv.h>
#include "command.h"
#include "command.h"
@@
-237,7
+239,7
@@
static int set_signal_handler(void)
sigset_t sigset;
if ((ret = sigemptyset(&sigset)) < 0) {
sigset_t sigset;
if ((ret = sigemptyset(&sigset)) < 0) {
-
perror
("sigemptyset");
+
PERROR
("sigemptyset");
goto end;
}
goto end;
}
@@
-245,17
+247,17
@@
static int set_signal_handler(void)
sa.sa_mask = sigset;
sa.sa_flags = 0;
if ((ret = sigaction(SIGUSR1, &sa, NULL)) < 0) {
sa.sa_mask = sigset;
sa.sa_flags = 0;
if ((ret = sigaction(SIGUSR1, &sa, NULL)) < 0) {
-
perror
("sigaction");
+
PERROR
("sigaction");
goto end;
}
if ((ret = sigaction(SIGTERM, &sa, NULL)) < 0) {
goto end;
}
if ((ret = sigaction(SIGTERM, &sa, NULL)) < 0) {
-
perror
("sigaction");
+
PERROR
("sigaction");
goto end;
}
if ((ret = sigaction(SIGCHLD, &sa, NULL)) < 0) {
goto end;
}
if ((ret = sigaction(SIGCHLD, &sa, NULL)) < 0) {
-
perror
("sigaction");
+
PERROR
("sigaction");
goto end;
}
goto end;
}
@@
-323,7
+325,7
@@
static int spawn_sessiond(char *pathname)
if (errno == ENOENT) {
ERR("No session daemon found. Use --sessiond-path.");
} else {
if (errno == ENOENT) {
ERR("No session daemon found. Use --sessiond-path.");
} else {
-
perror
("execlp");
+
PERROR
("execlp");
}
kill(getppid(), SIGTERM); /* wake parent */
exit(EXIT_FAILURE);
}
kill(getppid(), SIGTERM); /* wake parent */
exit(EXIT_FAILURE);
@@
-349,7
+351,7
@@
static int spawn_sessiond(char *pathname)
}
goto end;
} else {
}
goto end;
} else {
-
perror
("fork");
+
PERROR
("fork");
ret = -1;
goto end;
}
ret = -1;
goto end;
}
@@
-444,6
+446,11
@@
static int parse_args(int argc, char **argv)
int opt, ret;
char *user;
int opt, ret;
char *user;
+ if (lttng_is_setuid_setgid()) {
+ ERR("'%s' is not allowed to be executed as a setuid/setgid binary for security reasons. Aborting.", argv[0]);
+ clean_exit(EXIT_FAILURE);
+ }
+
if (argc < 2) {
usage(stderr);
clean_exit(EXIT_FAILURE);
if (argc < 2) {
usage(stderr);
clean_exit(EXIT_FAILURE);
@@
-483,9
+490,17
@@
static int parse_args(int argc, char **argv)
break;
case OPT_SESSION_PATH:
opt_sessiond_path = strdup(optarg);
break;
case OPT_SESSION_PATH:
opt_sessiond_path = strdup(optarg);
+ if (!opt_sessiond_path) {
+ ret = -1;
+ goto error;
+ }
break;
case OPT_RELAYD_PATH:
opt_relayd_path = strdup(optarg);
break;
case OPT_RELAYD_PATH:
opt_relayd_path = strdup(optarg);
+ if (!opt_relayd_path) {
+ ret = -1;
+ goto error;
+ }
break;
case OPT_DUMP_OPTIONS:
list_options(stdout);
break;
case OPT_DUMP_OPTIONS:
list_options(stdout);
This page took
0.031683 seconds
and
5
git commands to generate.