Date:      Tue, 10 Jun 2008 07:14:17 +0300
From:      Timo Sirainen <tss@iki.fi>
To:        "Sean C. Farley" <scf@FreeBSD.org>
Cc:        freebsd-stable@FreeBSD.org
Subject:   Re: Environment clearing broken in 7.0
Message-ID:  <1213071257.3904.991.camel@hurina>
In-Reply-To: <alpine.BSF.1.10.0806092118250.3974@thor.farley.org>
References:  <1213036854.3904.967.camel@hurina> <alpine.BSF.1.10.0806092118250.3974@thor.farley.org>

On Mon, 2008-06-09 at 22:27 -0500, Sean C. Farley wrote:
> On Mon, 9 Jun 2008, Timo Sirainen wrote:
> 
> > I think clearing environment using:
> >
> > environ[0] = NULL;
> >
> > has been kind of a semi-standard for a while now. At least Dovecot and
> > Postfix clear their environment this way. But this no longer works in
> > FreeBSD 7.0 (putenv(), environ[0]=NULL, putenv() -> everything is
> > visible again). Was this change intended, or will this be fixed?
> 
> It is more or less intended.  When a program sets an environment
> variable, the environment is copied for faster/leaner usage.  Changing
> individual values within environ is not checked else every pointer would
> need to be checked for consistency.  What I did was to write the code to
> detect if environ is replaced (NULL or new array of variables).

OK, so perhaps Sendmail's way of clearing environment would be the best
solution:

static char *emptyenv[1] = { NULL };
environ = emptyenv;

> I suggest reading the two paragraphs from Open Group's getenv()[1]
> documentation starting at "Conforming applications are required not to
> modify environ directly, ..." for the rationale in the new design.
> Obviously, applications are not required to conform, but the
> documentation talks about what an OS may be doing under the covers to
> environ.

How about implementing clearenv()? I'm using it now if it's available.

> Out of curiosity, do Dovecot and Postfix check that environ is not NULL
> before setting environ[0]?  environ may be set to NULL at the start but
> not by FreeBSD's /usr/bin/env -i.

Yes, both check if it's NULL. (I think I originally copied my code's
logic from Postfix.)

> > Looks like I could work around this by using:
> >
> > environ = NULL;
> 
> That will work on the *BSD's, OpenSolaris and Linux.

But not on OS X. It crashes there.

> Also, this will work:
> environ = calloc(1, sizeof(*environ));

Is this any better than using a static emptyenv[1]?

BTW. I wonder if this change breaks any applications where not clearing
environment could result in a security hole. As far as I know FreeBSD
7.0 is the only modern OS where environ[0]=NULL doesn't work.

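A portable way to apply what the thread settles on, added here as an example and not code from the thread, Dovecot, Postfix or Sendmail: use clearenv() where it exists (HAVE_CLEARENV is an assumed build macro), otherwise point environ at a private static empty array as Sendmail does, tolerate environ == NULL, and re-add only an allow-list through setenv() so libc owns the rebuilt array.

```c
#define _GNU_SOURCE
#include <stdlib.h>
#include <string.h>

extern char **environ;

/* Sendmail-style private empty environment: unlike environ = NULL (reported
 * above to crash on OS X) or environ[0] = NULL (ignored by FreeBSD 7.0), libc
 * sees a replaced array it can detect. */
static char *emptyenv[1] = { NULL };

/* HAVE_CLEARENV is an assumed build macro; define it where clearenv(3) exists. */
static void clear_environment(void)
{
#ifdef HAVE_CLEARENV
    clearenv();
#else
    environ = emptyenv;
#endif
}

/* Variables in environ; tolerates environ == NULL, possible at process start. */
size_t env_count(void)
{
    size_t n = 0;
    while (environ != NULL && environ[n] != NULL)
        n++;
    return n;
}

/* Keep only allow-listed variables, re-added via setenv() so libc owns the new
 * array; values are copied first since glibc's clearenv() may free the old one. */
size_t sanitize_environment(const char *const *allow, size_t nallow)
{
    char **vals = calloc(nallow, sizeof *vals);
    size_t i, kept = 0;
    if (vals == NULL) return 0;
    for (i = 0; i < nallow; i++) {
        const char *v = getenv(allow[i]);
        vals[i] = v != NULL ? strdup(v) : NULL;
    }
    clear_environment();
    for (i = 0; i < nallow; i++) {
        if (vals[i] != NULL && setenv(allow[i], vals[i], 1) == 0)
            kept++;
        free(vals[i]);
    }
    free(vals);
    return kept;
}
```

On FreeBSD 7.0 the setenv() calls after the assignment are what make libc notice the replaced array; a later putenv() therefore sees only the allow-listed variables.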