Date: Tue, 01 Dec 2009 13:26:52 +0100 From: Dan Lukes <dan@obluda.cz> To: freebsd-security@freebsd.org Subject: Re: Upcoming FreeBSD Security Advisory Message-ID: <4B150B8C.90402@obluda.cz> In-Reply-To: <4B1503CB.3080405@nruns.com> References: <200912010120.nB11Kjm9087476@freefall.freebsd.org> <ov3Jq1IJ/c8KAXGQ501G8Os9xr8@Ll2tHa60cb%2BhiG8R4R8/VS21128> <20091201114845.359731A828F@mailv.nruns.com> <4B1503CB.3080405@nruns.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Jan Muenther napsal/wrote, On 12/01/09 12:53:
> I'd be greatly surprised if the affected code looked different in 6.x.
True, affected code is same. But unsetenv() "return" 'void' on 6.x, so
the code can't be patched the same way as in 7.x/8.x/HEAD
We need something like
if (getenv(...) != NULL ) {
unsetenv(...);
if (getenv(...) != NULL )
ABORT - BROKEN ENVIRONMENT
}
Dan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B150B8C.90402>