Comment 2 for bug 1623725

Revision history for this message
Loïc Minier (lool) wrote :

snap-confine is a suid program and its security is indeed critical; there are two cases where secure_getenv is required:
- libraries that change behavior based on environment variables, because this might allow abusing a suid program linked to that library
- suid programs themselves – in cases where the code is shared with non-suid code or the program can be run in both suid and non-suid mode

snap-confine is run non-suid during the testsuite, and the environment variables it reads would allow bypassing the confinement it's supposed to provide if read when suid.

Even if the target system disables all AppArmor profile usage, using getenv() instead of secure_getenv() means that a vulnerable suid snap-confine is installed on these systems and could be abused to bypass other security (for instance to escalate an unprivileged process to root).
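The getenv()/secure_getenv() distinction described above, as an added illustration that is not part of the bug report or of snap-confine's own code. The variable name SNAPPY_EXAMPLE_DEBUG is hypothetical; the point is that secure_getenv() returns NULL whenever the kernel has flagged the process as a "secure execution" (AT_SECURE, set for setuid/setgid binaries and file-capability binaries), while getenv() honours the caller-controlled value regardless. The lookup_with_policy() helper mirrors that rule with an explicit flag so the secure branch can be exercised without actually installing a setuid binary.

```c
#define _GNU_SOURCE          /* secure_getenv() and getauxval() are GNU extensions (glibc >= 2.17) */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/auxv.h>

/* Hypothetical variable, chosen for this example; not one snap-confine reads. */
#define DEBUG_VAR "SNAPPY_EXAMPLE_DEBUG"

/* True when the kernel marked this process as a secure execution
 * (setuid/setgid or file capabilities): the environment is then untrusted. */
int in_secure_mode(void)
{
    return getauxval(AT_SECURE) != 0;
}

/* Vulnerable pattern: the value is honoured even under AT_SECURE, so an
 * unprivileged caller of a suid binary controls the branch. */
int debug_enabled_unsafe(void)
{
    const char *v = getenv(DEBUG_VAR);
    return v != NULL && strcmp(v, "1") == 0;
}

/* Hardened pattern: secure_getenv() yields NULL under AT_SECURE, so the
 * override only works when the binary runs non-suid (e.g. in a testsuite). */
int debug_enabled_safe(void)
{
    const char *v = secure_getenv(DEBUG_VAR);
    return v != NULL && strcmp(v, "1") == 0;
}

/* Same decision rule as secure_getenv(), with the "secure" flag passed in
 * explicitly so both outcomes can be demonstrated in one unprivileged run.
 * Returns the value when not secure, NULL when secure. */
const char *lookup_with_policy(const char *value, int secure)
{
    return secure ? NULL : value;
}

/* Belt-and-braces check for code that may be built on a libc without
 * secure_getenv(): treat any uid/gid mismatch as secure as well. */
int looks_privileged(void)
{
    return in_secure_mode() || getuid() != geteuid() || getgid() != getegid();
}

int main(void)
{
    setenv(DEBUG_VAR, "1", 1);    /* an attacker controls this before exec */
    printf("secure execution: %d\n", in_secure_mode());
    printf("getenv honours override:        %d\n", debug_enabled_unsafe());
    printf("secure_getenv honours override: %d\n", debug_enabled_safe());
    printf("policy(secure=1): %s\n", lookup_with_policy("1", 1) ? "honoured" : "ignored");
    printf("policy(secure=0): %s\n", lookup_with_policy("1", 0) ? "honoured" : "ignored");
    return 0;
}
```

Run it once as an ordinary user and once after `chown root` + `chmod u+s` on the binary: the getenv() line reports 1 in both cases, the secure_getenv() line reports 1 only in the non-suid run. Note that secure_getenv() protects only the program's own lookups; a library the suid program links that still calls getenv() remains the first case in the comment above.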