{
Int n;
SysRes fd;
- Long size;
+ struct vg_stat stat_buf;
HChar* f_clo = NULL;
HChar filename[VKI_PATH_MAX];
( NULL == dir ? "" : dir ) );
fd = VG_(open)(filename, 0, VKI_S_IRUSR);
if ( !fd.isError ) {
- size = VG_(fsize)(fd.res);
- if (size > 0) {
- f_clo = VG_(malloc)("commandline.rdv.1", size+1);
- vg_assert(f_clo);
- n = VG_(read)(fd.res, f_clo, size);
- if (n == -1) n = 0;
- vg_assert(n >= 0 && n <= size+1);
- f_clo[n] = '\0';
+ Int res = VG_(fstat)( fd.res, &stat_buf );
+ // Ignore if not owned by current user or world writeable (CVE-2008-4865)
+ if (!res && stat_buf.st_uid == VG_(geteuid)()
+ && (!(stat_buf.st_mode & VKI_S_IWOTH))) {
+ if ( stat_buf.st_size > 0 ) {
+ f_clo = VG_(malloc)("commandline.rdv.1", stat_buf.st_size+1);
+ vg_assert(f_clo);
+ n = VG_(read)(fd.res, f_clo, stat_buf.st_size);
+ if (n == -1) n = 0;
+ vg_assert(n >= 0 && n <= stat_buf.st_size+1);
+ f_clo[n] = '\0';
+ }
}
+ else
+ VG_(message)(Vg_UserMsg,
+ "%s was not read as it is world writeable or not owned by the "
+ "current user", filename);
+
VG_(close)(fd.res);
}
return f_clo;
precedence over those in
<computeroutput>~/.valgrindrc</computeroutput>. The first two
are particularly useful for setting the default tool to
-use.</para>
+use.
+</para>
+
+<para>Please note that the <computeroutput>./.valgrindrc</computeroutput>
+file is ignored if it is marked as world writeable or not owned
+by the current user. This is because the .valgrindrc can contain options
+that are potentially harmful or can be used by a local attacker to
+execute code under your user account.
+</para>
<para>Any tool-specific options put in
<computeroutput>$VALGRIND_OPTS</computeroutput> or the
projects / thirdparty / valgrind.git / commitdiff
