Date: Thu, 03 Dec 2009 20:01:23 +0100 From: Pieter de Boer <pieter@thedarkside.nl> To: Jamie Landeg Jones <jamie@bishopston.net> Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-09:16.rtld Message-ID: <4B180B03.1040405@thedarkside.nl> In-Reply-To: <200912031837.nB3IbEKB036114@catflap.bishopston.net> References: <200912030930.nB39UhW9038238@freefall.freebsd.org> <4B179B90.10307@netfence.it> <8ABB1EE2-4521-40EC-9E85-4A0E771D6B7F@mac.com> <200912031837.nB3IbEKB036114@catflap.bishopston.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Jamie Landeg Jones wrote: > > However, I'd still apply the patch in case some other way to exploit > the non-checking of the unsetenv return status crops up elsewhere. > > It can't do any harm. The problem with that is, on 6.x, unsetenv() returns 'void', so there's no return value to check on. On 6.x (I've looked at 6.4-RELEASE-p7, it may be different in other versions), the unsetenv() uses __findenv() in a while loop to remove the given setting. The getenv() function also uses __findenv() to find the given environment setting. The issue described in the advisory simply doesn't exist in 6(.4-RELEASE-p7). -- Pieter
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B180B03.1040405>