From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bugzilla@dpdk.org>
Received: by dpdk.org (Postfix, from userid 33)
 id D51352B9E; Mon, 19 Nov 2018 12:25:39 +0100 (CET)
From: bugzilla@dpdk.org
To: dev@dpdk.org
Date: Mon, 19 Nov 2018 11:25:39 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: DPDK
X-Bugzilla-Component: ethdev
X-Bugzilla-Version: 17.11
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: minor
X-Bugzilla-Who: andy01011501@163.com
X-Bugzilla-Status: IN_PROGRESS
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: dev@dpdk.org
X-Bugzilla-Target-Milestone: 17.11
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
 target_milestone
Message-ID: <bug-109-3@http.bugs.dpdk.org/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://bugs.dpdk.org/
Auto-Submitted: auto-generated
X-Auto-Response-Suppress: All
MIME-Version: 1.0
Subject: [dpdk-dev] [Bug 109] Using the environment variable to get the
	filepath
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Nov 2018 11:25:40 -0000

https://bugs.dpdk.org/show_bug.cgi?id=3D109

            Bug ID: 109
           Summary: Using the environment variable to get the filepath
           Product: DPDK
           Version: 17.11
          Hardware: All
                OS: All
            Status: IN_PROGRESS
          Severity: minor
          Priority: Normal
         Component: ethdev
          Assignee: dev@dpdk.org
          Reporter: andy01011501@163.com
  Target Milestone: 17.11

In some functions like
  eal_runtime_config_path,
  eal_hugepage_info_path,
  rte_pci_get_sysfs_path,

DPDK use the environment variable to get the file path like the code below:
    const char *rte_pci_get_sysfs_path(void)
    {
        const char *path =3D NULL;

        path =3D getenv("SYSFS_PCI_DEVICES");
        if (path =3D=3D NULL)
                return SYSFS_PCI_DEVICES;

        return path;
    }

There are some risks when the envs are changed to some path like
"../../../etc/passwd" and the attackers have chances to construct file paths
for unauthorized access.

--=20
You are receiving this mail because:
You are the assignee for the bug.=