From 2f37d9a46b12362131da9474bba0635c42f24939 Mon Sep 17 00:00:00 2001
From: Kapil Sharma <ks3913688@gmail.com>
Date: Thu, 28 Mar 2024 16:50:04 +0530
Subject: [PATCH] Update
 events/syscall/potential_local_privillege_escalation_via_env_var_misuse.go

Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Signed-off-by: Kapil Sharma <ks3913688@gmail.com>
---
 ...potential_local_privillege_escalation_via_env_var_misuse.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/events/syscall/potential_local_privillege_escalation_via_env_var_misuse.go b/events/syscall/potential_local_privillege_escalation_via_env_var_misuse.go
index 01616698..ca21ebc9 100644
--- a/events/syscall/potential_local_privillege_escalation_via_env_var_misuse.go
+++ b/events/syscall/potential_local_privillege_escalation_via_env_var_misuse.go
@@ -28,10 +28,9 @@ var _ = events.Register(PotentialLocalPrivillegeEscalation)
 
 func PotentialLocalPrivillegeEscalation(h events.Helper) error {
     // Set the GLIBC_TUNABLES environment variable
-    os.Setenv("GLIBC_TUNABLES", "glibc.tune.hwcaps=-WAITED,glibc.tune.secrets=2")
-
     cmd := exec.Command("bash", "-c", "id")
     cmd.Env = os.Environ()
+    cmd.Env = append(cmd.Env, "GLIBC_TUNABLES=glibc.tune.hwcaps=-WAITED,glibc.tune.secrets=2")
 
     h.Log().Info("Process run with suspect environment variable which could be attempting privilege escalation")
     err := cmd.Run()