From mboxrd@z Thu Jan  1 00:00:00 1970
From: bugzilla@dpdk.org
Subject: [Bug 109] Using the environment variable to get the
	filepath
Date: Mon, 19 Nov 2018 11:25:39 +0000
Message-ID: <bug-109-3@http.bugs.dpdk.org/>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
To: dev@dpdk.org
Return-path: <dev-bounces@dpdk.org>
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

https://bugs.dpdk.org/show_bug.cgi?id=3D109

            Bug ID: 109
           Summary: Using the environment variable to get the filepath
           Product: DPDK
           Version: 17.11
          Hardware: All
                OS: All
            Status: IN_PROGRESS
          Severity: minor
          Priority: Normal
         Component: ethdev
          Assignee: dev@dpdk.org
          Reporter: andy01011501@163.com
  Target Milestone: 17.11

In some functions like
  eal_runtime_config_path,
  eal_hugepage_info_path,
  rte_pci_get_sysfs_path,

DPDK use the environment variable to get the file path like the code below:
    const char *rte_pci_get_sysfs_path(void)
    {
        const char *path =3D NULL;

        path =3D getenv("SYSFS_PCI_DEVICES");
        if (path =3D=3D NULL)
                return SYSFS_PCI_DEVICES;

        return path;
    }

There are some risks when the envs are changed to some path like
"../../../etc/passwd" and the attackers have chances to construct file paths
for unauthorized access.

--=20
You are receiving this mail because:
You are the assignee for the bug.=