Bug #780

closed
Security: getenv() should not be used if daemon are in setuid mode

Added by David Goulet over 11 years ago. Updated almost 11 years ago.

Status: Resolved
Priority: Normal
Target version:
Start date: 04/14/2014
Due date:
% Done: 100%
Estimated time:

Description

As stated in the getenv(3) man page, if a lttng daemon is setuid (getuid() != geteuid()), it should not try to read env. variables, since an untrusted environment is an attack vector.

#1 Updated by Christian Babeux about 11 years ago

Audit all getenv() and replace where necessary with the appropriate secure version.

#2 Updated by Christian Babeux about 11 years ago

  • Assignee set to Christian Babeux

#3 Updated by Christian Babeux almost 11 years ago

  • Target version set to 2.7

The intended fix is to use the secure_getenv() from glibc if available on the system, otherwise use a compat fallback.

#4 Updated by Mathieu Desnoyers almost 11 years ago

  • Assignee changed from Christian Babeux to Mathieu Desnoyers
  • Target version changed from 2.7 to 2.6

We should also check the arguments received on the command line in addition to the env. vars.

#5 Updated by Jérémie Galarneau almost 11 years ago

  • Target version changed from 2.6 to 2.7

Considering the amount of refactoring that has been done in the master branch, the patch addressing this issue will not be backported.
setuid is thus considered unsupported prior to LTTng 2.7.

#6 Updated by Mathieu Desnoyers almost 11 years ago

  • Status changed from Confirmed to Resolved
  • % Done changed from 0 to 100

Applied in changeset tools|commit:e8fa9fb0539ec3d734f6d0ab91220b4538b2ea30.
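
The fallback idea from update #3, sketched as an added example; this is not LTTng's code and not part of the original thread. The names `env_untrusted`, `getenv_for_ids`, `compat_secure_getenv` and the variable `DEMO_HOME` are hypothetical, and the ID check takes explicit arguments so the setuid case can be exercised without a setuid binary.

```c
/* Added example: not LTTng code. Function names here are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Pure check, split out so it can be exercised with constructed IDs:
 * the environment is untrusted when real and effective IDs differ
 * (setuid or setgid execution).
 */
static int env_untrusted(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
	return ruid != euid || rgid != egid;
}

/* Lookup with explicit IDs; returns NULL instead of an untrusted value. */
static char *getenv_for_ids(const char *name, uid_t ruid, uid_t euid,
		gid_t rgid, gid_t egid)
{
	if (env_untrusted(ruid, euid, rgid, egid))
		return NULL;
	return getenv(name);
}

/*
 * Fallback for systems without glibc's secure_getenv(). glibc's version
 * also covers other secure-execution cases (e.g. file capabilities);
 * this fallback only covers the setuid/setgid case.
 */
static char *compat_secure_getenv(const char *name)
{
	return getenv_for_ids(name, getuid(), geteuid(), getgid(), getegid());
}

int main(void)
{
	/* DEMO_HOME is a constructed variable name for this example. */
	setenv("DEMO_HOME", "/tmp/demo", 1);
	char *v = compat_secure_getenv("DEMO_HOME");
	printf("current process: %s\n", v ? v : "(ignored)");
	/* Constructed IDs simulating a setuid-root binary run by uid 1000. */
	v = getenv_for_ids("DEMO_HOME", 1000, 0, 1000, 1000);
	printf("ruid=1000 euid=0: %s\n", v ? v : "(ignored)");
	return 0;
}
```

Callers must treat a NULL return as "variable not set" and fall back to a built-in default rather than retrying with plain getenv().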
