Project

General

Profile

Actions
Copy link

Bug #780

closed

Security: getenv() should not be used if daemon are in setuid mode

Added by David Goulet about 10 years ago. Updated about 9 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Mathieu Desnoyers
Target version:
LTTng - 2.7
Start date:
04/14/2014
Due date:
% Done:

100%

Estimated time:

Description

As stated in the getenv(3) man page, if a lttng daemon is setuid (getuid != geteuid()) it should not try to read env. variable since an untrusted environment is an attack vector.

Actions
Copy link
 #1

Updated by Christian Babeux over 9 years ago

Audit all getenv() and replace where necessary with the appropriate secure version.

Actions
Copy link
 #2

Updated by Christian Babeux over 9 years ago

  • Assignee set to Christian Babeux
Actions
Copy link
 #3

Updated by Christian Babeux over 9 years ago

  • Target version set to 2.7

The intended fix is to use the secure_getenv() from glibc if available on the system, otherwise use a compat fallback.

Actions
Copy link
 #4

Updated by Mathieu Desnoyers over 9 years ago

  • Assignee changed from Christian Babeux to Mathieu Desnoyers
  • Target version changed from 2.7 to 2.6

We should also check the arguments received on the command line in addition to the env. vars.

Actions
Copy link
 #5

Updated by Jérémie Galarneau about 9 years ago

  • Target version changed from 2.6 to 2.7

Considering the amount of refactoring that has been done in the master branch, the patch addressing this issue will not be backported.
setuid is thus considered unsupported prior to LTTng 2.7.

Actions
Copy link
 #6

Updated by Mathieu Desnoyers about 9 years ago

  • Status changed from Confirmed to Resolved
  • % Done changed from 0 to 100

Applied in changeset tools|commit:e8fa9fb0539ec3d734f6d0ab91220b4538b2ea30.

Actions
Copy link

Also available in: Atom PDF