Date: Tue, 11 Apr 2017 23:25:04 +0800
From: Ben Woods <woodsb02@gmail.com>
To: Jan Beich <jbeich@freebsd.org>
Cc: Ben Woods <woodsb02@freebsd.org>, "ports-committers@FreeBSD.org" <ports-committers@freebsd.org>, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: Re: svn commit: r429481 - in head: . x11 x11/lightdm x11/lightdm-gtk-greeter x11/lightdm/files
Message-ID: <CAOc73CB_0Ah1ZwVmWJpi54aN9Cnu%2BkqkwGJpZ35pEvPeNRYZgQ@mail.gmail.com>
In-Reply-To: <h91y-joxl-wny@FreeBSD.org>
References: <201612260653.uBQ6rbp5054319@repo.freebsd.org> <20161226072913.0371FFAE@freefall.freebsd.org> <h91y-joxl-wny@FreeBSD.org>
Hi Jan,

Apologies, I think I do remember seeing this, but the solution was not immediately obvious to me and I seem to have forgotten it.

I have raised a PR to continue discussion and to ensure it doesn't get lost:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218564

I would be grateful if you could add text to that bug explaining the potential security implications, and elaborate on your proposed fix.

Regards,
Ben

--
From: Benjamin Woods
woodsb02@gmail.com

On 9 April 2017 at 10:27, Jan Beich <jbeich@freebsd.org> wrote: > jbeich@freebsd.org (Jan Beich) writes: > > >> --- /dev/null 00:00:00 1970 (empty, because file is newly > added) > >> +++ head/x11/lightdm/files/patch-src_process.c Mon Dec 26 > 06:53:37 2016 (r429481) > >> @@ -0,0 +1,11 @@ > >> +--- src/process.c.orig 2016-12-08 21:38:14 UTC > >> ++++ src/process.c > >> +@@ -231,7 +231,7 @@ process_start (Process *process, gboolea > >> + #ifdef HAVE_CLEARENV > >> + clearenv (); > >> + #else > >> +- environ = NULL; > >> ++ putenv ("environ=NULL"); > >> + #endif > >> + for (i = 0; i < env_length; i++) > >> + setenv (env_keys[i], env_values[i], TRUE); > > > > Looks bogus, see environ(7). Maybe use "env -i" version: > > > > extern char **environ; > > char *cleanenv[1]; > > environ = cleanenv; > > cleanenv[0] = NULL; > > Did you ignore this despite possible security implications? I'm not a user, > so just guessing. >
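
Review bot: in the `#else` branch of `process_start`, the added `putenv ("environ=NULL");` does not empty the environment. It defines one variable named `environ` with the string value `NULL` and leaves every inherited variable in place, so on builds without `HAVE_CLEARENV` the `setenv` loop that follows extends the parent's environment instead of replacing it, and the child also gains a stray `environ` entry. The removed line `environ = NULL;` did drop the inherited entries. Suggest pointing `environ` at an empty NULL-terminated array instead, as proposed in the quoted reply (`char *cleanenv[1]; environ = cleanenv; cleanenv[0] = NULL;`), with the array in storage that outlives the call, and adding a comment in the patch file saying why the upstream assignment had to change.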