From owner-freebsd-current@FreeBSD.ORG  Fri Dec  4 00:04:48 2009
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 7F5F3106566B
	for <freebsd-current@FreeBSD.org>; Fri,  4 Dec 2009 00:04:48 +0000 (UTC)
	(envelope-from scf@FreeBSD.org)
Received: from mail.farley.org (mail.farley.org [IPv6:2001:470:1f0f:20:2::11])
	by mx1.freebsd.org (Postfix) with ESMTP id 4AF928FC0C
	for <freebsd-current@FreeBSD.org>; Fri,  4 Dec 2009 00:04:48 +0000 (UTC)
Received: from thor.farley.org (HPooka@thor.farley.org
	[IPv6:2001:470:1f0f:20:1::5])
	by mail.farley.org (8.14.3/8.14.3) with ESMTP id nB404lVN072090
	for <freebsd-current@FreeBSD.org>; Thu, 3 Dec 2009 18:04:47 -0600 (CST)
	(envelope-from scf@FreeBSD.org)
Date: Thu, 3 Dec 2009 18:04:47 -0600 (CST)
From: "Sean C. Farley" <scf@FreeBSD.org>
To: freebsd-current@FreeBSD.org
Message-ID: <alpine.BSF.2.00.0912031730030.18865@thor.farley.org>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
X-Spam-Status: No, score=-2.6 required=4.0 tests=BAYES_00,NO_RELAYS
	autolearn=ham version=3.2.5
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mail.farley.org
Cc: 
Subject: environ function patch for review
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Dec 2009 00:04:48 -0000

Regarding the recent security issue with the unsetenv() calls in rtld, I 
have made a patch[1] I would like reviewed prior to commit.  It changes 
the behavior of all the *env() routines that cause an internal 
environment to be created.  This is putenv(), setenv() and unsetenv(). 
getenv() will not cause an internal environment to be created.  I have 
tested the patch without the rltd fix, and it prevents the security 
issue.

Instead of returning an error when tripping upon a corrupt environment, 
it will return an error when the caller passes bad argument(s) (EINVAL) 
or if unable to allocate memory (ENOMEM).  Except for the possibility 
for ENOMEM, this should make the behavior the same as FreeBSD 6 and 
below.

Another commit[2] will also be made, but it mainly changes a comment to 
better reflect the search order in getenv().  Changing the comment was 
recommended by Brian (green), and I concur to the change.  The entire 
commit will not change any code.

The patches will be applied in the order of the comment-only patch and 
then the behavioral patch.

Thank you.

Sean
   1. http://people.freebsd.org/~scf/getenv-2.patch
   2. http://people.freebsd.org/~scf/getenv-1.patch
-- 
scf@FreeBSD.org