Bug #780
closed
Security: getenv() should not be used if daemons are in setuid mode
100%
Description
As stated in the getenv(3) man page, if an lttng daemon is setuid (getuid() != geteuid()), it should not try to read env. variables, since an untrusted environment is an attack vector.
Updated by Christian Babeux about 10 years ago
Audit all getenv() and replace where necessary with the appropriate secure version.
Updated by Christian Babeux about 10 years ago
- Target version set to 2.7
The intended fix is to use the secure_getenv() from glibc if available on the system, otherwise use a compat fallback.
Updated by Mathieu Desnoyers about 10 years ago
- Assignee changed from Christian Babeux to Mathieu Desnoyers
- Target version changed from 2.7 to 2.6
We should also check the arguments received on the command line in addition to the env. vars.
Updated by Jérémie Galarneau about 10 years ago
- Target version changed from 2.6 to 2.7
Considering the amount of refactoring that has been done in the master branch, the patch addressing this issue will not be backported.
setuid is thus considered unsupported prior to LTTng 2.7.
Updated by Mathieu Desnoyers almost 10 years ago
- Status changed from Confirmed to Resolved
- % Done changed from 0 to 100
Applied in changeset tools|commit:e8fa9fb0539ec3d734f6d0ab91220b4538b2ea30.
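
A sketch of the kind of compat fallback discussed in this issue, for systems without glibc's secure_getenv(). It is an added example, not code from the LTTng changeset; all function names and the EXAMPLE_DAEMON_RUNDIR variable are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Real and effective IDs differ when the binary runs setuid or setgid. */
static int ids_elevated(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
	return ruid != euid || rgid != egid;
}

/*
 * Core of the fallback. The elevation flag is a parameter so both paths
 * can be exercised without installing a setuid binary.
 */
static const char *getenv_unless_elevated(const char *name, int elevated)
{
	return elevated ? NULL : getenv(name);
}

/*
 * Hypothetical drop-in for platforms without secure_getenv(). It only
 * compares IDs; glibc's secure_getenv() uses the kernel's secure-execution
 * flag, which also covers cases such as file capabilities.
 */
static const char *compat_secure_getenv(const char *name)
{
	int elevated = ids_elevated(getuid(), geteuid(), getgid(), getegid());
	return getenv_unless_elevated(name, elevated);
}

/* Caller pattern: a refused or empty variable falls back to a built-in default. */
static const char *resolve_dir(const char *name, const char *dflt, int elevated)
{
	const char *v = getenv_unless_elevated(name, elevated);
	return (v && v[0] != '\0') ? v : dflt;
}

int main(void)
{
	setenv("EXAMPLE_DAEMON_RUNDIR", "/tmp/untrusted", 1); /* constructed input */
	const char *v = compat_secure_getenv("EXAMPLE_DAEMON_RUNDIR");
	printf("this process: %s\n", v ? v : "(refused)");
	printf("if setuid:    %s\n",
	       resolve_dir("EXAMPLE_DAEMON_RUNDIR", "/var/run/example", 1));
	return 0;
}
```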