Added by David Goulet over 10 years ago. Updated almost 10 years ago.
100%
Description
As stated in the getenv(3) man page, if a lttng daemon is setuid (getuid != geteuid()) it should not try to read env. variable since an untrusted environment is an attack vector.
Audit all getenv() and replace where necessary with the appropriate secure version.
The intended fix is to use the secure_getenv() from glibc if available on the system, otherwise use a compat fallback.
We should also check the arguments received on the command line in addition to the env. vars.
Considering the amount of refactoring that has been done in the master branch, the patch addressing this issue will not be backported.
setuid is thus considered unsupported prior to LTTng 2.7.
Applied in changeset tools|commit:e8fa9fb0539ec3d734f6d0ab91220b4538b2ea30.