Date:      Tue, 1 Dec 2009 02:57:07 +0000 (UTC)
From:      Colin Percival <cperciva@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r199979 - head/libexec/rtld-elf
Message-ID:  <200912010257.nB12v7Qe049986@svn.freebsd.org>

Author: cperciva
Date: Tue Dec  1 02:57:06 2009
New Revision: 199979
URL: http://svn.freebsd.org/changeset/base/199979

Log:
  Fix local root vulnerability.
  
  Security:	Advisory will be coming soon.
  X-MFC-After:	30 seconds

Modified:
  head/libexec/rtld-elf/rtld.c

Modified: head/libexec/rtld-elf/rtld.c
==============================================================================
--- head/libexec/rtld-elf/rtld.c	Tue Dec  1 00:42:17 2009	(r199978)
+++ head/libexec/rtld-elf/rtld.c	Tue Dec  1 02:57:06 2009	(r199979)
@@ -366,12 +366,12 @@ _rtld(Elf_Addr *sp, func_ptr_type *exit_
      * future processes to honor the potentially un-safe variables.
      */
     if (!trust) {
-        unsetenv(LD_ "PRELOAD");
-        unsetenv(LD_ "LIBMAP");
-        unsetenv(LD_ "LIBRARY_PATH");
-        unsetenv(LD_ "LIBMAP_DISABLE");
-        unsetenv(LD_ "DEBUG");
-        unsetenv(LD_ "ELF_HINTS_PATH");
+        if (unsetenv(LD_ "PRELOAD") || unsetenv(LD_ "LIBMAP") ||
+	    unsetenv(LD_ "LIBRARY_PATH") || unsetenv(LD_ "LIBMAP_DISABLE") ||
+	    unsetenv(LD_ "DEBUG") || unsetenv(LD_ "ELF_HINTS_PATH")) {
+		_rtld_error("environment corrupt; aborting");
+		die();
+	}
     }
     ld_debug = getenv(LD_ "DEBUG");
     libmap_disable = getenv(LD_ "LIBMAP_DISABLE") != NULL;
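Review bot: The new failure branch inside `if (!trust)` has no comment saying why a non-zero return from `unsetenv()` must be fatal, and the message `environment corrupt; aborting` alone does not state the invariant being enforced. I would add above the condition: `/* unsetenv() can fail on a malformed environment; never continue untrusted with LD_* variables still set. */`. The `getenv(LD_ "DEBUG")` and `getenv(LD_ "LIBMAP_DISABLE")` calls right after the block still run when `!trust` and depend entirely on the unset having succeeded, so gating those reads on `trust` would be a cheap second layer. The rest of `_rtld` is outside this hunk, so other `LD_` reads may need the same treatment. The added lines also mix indentation: the first line of the condition is indented with spaces, while its continuation lines and the body use tabs.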


