Current File : //proc/thread-self/root/kunden/usr/share/systemtap/examples/security-band-aids/cve-2023-4911.stp

function has_tunable_string:long()
{
  name = "GLIBC_TUNABLES"

  mm = @task(task_current())->mm;
  if (mm)
    {
      env_start = @mm(mm)->env_start;
      env_end = @mm(mm)->env_end;

      if (env_start != 0 && env_end != 0)
        while (env_end > env_start)
          {
            cur = user_string(env_start, "");
            env_name = tokenize(cur, "=");
      
            if (env_name == name && tokenize("", "") != "")
              return 1;
            env_start += strlen (cur) + 1
          }
    }

  return 0;
}

probe process("/lib*/ld*.so*").function("__tunables_init")
{
  atsecure = 0;
  /* Skip processing if we can't read __libc_enable_secure, e.g. core dump
     handler (systemd-cgroups-agent and systemd-coredump).  */
  try { atsecure = @var("__libc_enable_secure"); }
  catch { printk (4, sprintf ("CVE-2023-4911: Skipped check: %s (%d)", execname(), pid())); }
  if (atsecure && has_tunable_string ())
    raise (9);
}