From owner-cvs-src@FreeBSD.ORG Mon Apr 30 23:18:49 2007
X-Original-To: cvs-src@FreeBSD.ORG
Delivered-To: cvs-src@FreeBSD.ORG
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 1EF0516A400; Mon, 30 Apr 2007 23:18:49 +0000 (UTC) (envelope-from das@FreeBSD.ORG)
Received: from VARK.MIT.EDU (VARK.MIT.EDU [18.95.3.179]) by mx1.freebsd.org (Postfix) with ESMTP id D4E6413C44B; Mon, 30 Apr 2007 23:18:48 +0000 (UTC) (envelope-from das@FreeBSD.ORG)
Received: from VARK.MIT.EDU (localhost [127.0.0.1]) by VARK.MIT.EDU (8.13.8/8.13.1) with ESMTP id l3UMvHrv007033; Mon, 30 Apr 2007 18:57:17 -0400 (EDT) (envelope-from das@FreeBSD.ORG)
Received: (from das@localhost) by VARK.MIT.EDU (8.13.8/8.13.1/Submit) id l3UMvHrk007032; Mon, 30 Apr 2007 18:57:17 -0400 (EDT) (envelope-from das@FreeBSD.ORG)
Date: Mon, 30 Apr 2007 18:57:17 -0400
From: David Schultz
To: Andrey Chernov, Alfred Perlstein, src-committers@FreeBSD.ORG, cvs-src@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Message-ID: <20070430225717.GA7008@VARK.MIT.EDU>
Mail-Followup-To: Andrey Chernov, Alfred Perlstein, src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
References: <200704301516.l3UFGJbu019162@repoman.freebsd.org> <20070430180043.GK13868@elvis.mu.org> <20070430181824.GA83415@nagual.pp.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20070430181824.GA83415@nagual.pp.ru>
Subject: Re: cvs commit: src/usr.sbin/sysinstall main.c
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the src tree
X-List-Received-Date: Mon, 30 Apr 2007 23:18:49 -0000

On Mon, Apr 30, 2007, Andrey Chernov wrote:
> On Mon, Apr 30, 2007 at 11:00:43AM -0700, Alfred Perlstein wrote:
> > * Andrey A. Chernov [070430 08:17] wrote:
> > > ache        2007-04-30 15:16:19 UTC
> > >
> > >   FreeBSD src repository
> > >
> > >   Modified files:
> > >     usr.sbin/sysinstall  main.c
> > >   Log:
> > >   Preparing for upcoming POSIXed putenv() rewrite:
> > >   don't allow const as putenv() arg, dup it
> > >
> > >   Revision  Changes    Path
> > >   1.75      +1 -1      src/usr.sbin/sysinstall/main.c
> >
> > Maybe this was mentioned on the lists, but couldn't there be some
> > kind of define that old code could use like #define BSD_PUTENV?
>
> Why? We must follow standards to stay in line with possible concurrents,
> and we already are several years late with that. Even in case some
> applications are found incompatible, they are forced to follow standards
> too to continue working in the modern environment.
>
> > I'm concerned that all these changes could lead to security
> > holes.
>
> Please be specific. Which changes exactly do you mean? Changes to
> applications work with any putenv() kind; they are just portability
> fixes, no holes there. Changes to the library aren't under question
> either: you can just directly modify the **environ variable from your
> own code, bypassing any setenv and putenv - they are just a convenient
> interface.

I think Alfred is absolutely right, and this is a pretty major POLA
violation. As a result of these changes, I've got two ports (so far)
and some model checking software that won't build/run anymore. If
we've been doing something right for years, changing it around in
order to inherit SVR4 bugs seems like a bad plan. Holding up your
POSIX banner doesn't really make things okay; POSIX wasn't written by
God, and we choose to ignore various parts of it. And considering the
way various setuid programs attempt to sanitize their environment
before doing a fork/exec, the change may very well have security
implications.

That said, I have important deadlines and no time to deal with this
now, so I'm just reverting to yesterday's sources until I do.
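Added example, not code from this thread or from FreeBSD: a small C program showing what the putenv() change under discussion means in practice. With POSIX semantics putenv() keeps the caller's pointer in environ, so a later write to that buffer silently changes the environment (and a string literal or a stack buffer handed to putenv() is a latent bug), whereas setenv() takes a copy. The pattern behind ache's "don't allow const as putenv() arg, dup it" is shown as putenv_owned(). Because the reply raises setuid programs that scrub their environment before fork/exec, build_clean_env() shows the robust way to do that: assemble a fresh, whitelisted envp for execve() instead of editing environ in place, which is insensitive to whichever putenv() semantics the libc has. The variable names, allow-list and sample environment are constructed for the example; the results assume a libc with POSIX putenv() semantics (glibc, FreeBSD 7 and later).

```c
/* Added example (not from the thread or from FreeBSD): POSIX putenv() keeps
 * the caller's pointer, setenv() copies, and a setuid program should build a
 * fresh environment for execve() rather than patch environ in place. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns 1 if writing to the buffer after putenv() changed what getenv() sees. */
int putenv_aliases_buffer(void)
{
    static char buf[] = "DEMO_PUTENV=original"; /* static: must outlive the variable */
    if (putenv(buf) != 0)
        return -1;
    /* Same-length overwrite of the value part. No copy was taken, so the
     * environment now reads "modified" although putenv() was never called again. */
    memcpy(buf + strlen("DEMO_PUTENV="), "modified", 8);
    const char *v = getenv("DEMO_PUTENV");
    return (v != NULL && strcmp(v, "modified") == 0) ? 1 : 0;
}

/* Returns 1 if setenv() took a private copy, so the source buffer can be reused. */
int setenv_copies_buffer(void)
{
    char value[16] = "original";
    if (setenv("DEMO_SETENV", value, 1) != 0)
        return -1;
    memcpy(value, "modified", 9);            /* 9 bytes incl. NUL; environment unaffected */
    const char *v = getenv("DEMO_SETENV");
    return (v != NULL && strcmp(v, "original") == 0) ? 1 : 0;
}

/* The "dup it" pattern: never hand putenv() a string literal or a buffer you
 * will reuse; give it a heap copy it can own. The copy is deliberately never
 * freed, because environ keeps pointing at it. Returns 0 on success. */
int putenv_owned(const char *name, const char *value)
{
    size_t n = strlen(name) + 1 + strlen(value) + 1;
    char *s = malloc(n);
    if (s == NULL)
        return -1;
    snprintf(s, n, "%s=%s", name, value);
    return putenv(s);
}

/* Environment scrubbing before fork/exec: copy only whitelisted NAME=value
 * pointers from src into dst (NULL-terminated) for execve(), which copies them
 * into the new image. Entries with no '=' or an empty name are dropped.
 * Returns the number of entries kept, or -1 if dst is too small. */
int build_clean_env(char *const *src, const char *const *allow, size_t nallow,
                    char **dst, size_t cap)
{
    size_t kept = 0;
    for (; *src != NULL; src++) {
        const char *eq = strchr(*src, '=');
        if (eq == NULL || eq == *src)
            continue;
        size_t namelen = (size_t)(eq - *src);
        for (size_t i = 0; i < nallow; i++) {
            if (strlen(allow[i]) != namelen || strncmp(*src, allow[i], namelen) != 0)
                continue;
            if (kept + 1 >= cap)             /* keep room for the terminating NULL */
                return -1;
            dst[kept++] = *src;
            break;
        }
    }
    dst[kept] = NULL;
    return (int)kept;
}

/* Constructed sample environment (hostile entries included) and allow-list;
 * real code would pass environ. */
static char *const sample_env[] = {
    "PATH=/usr/bin:/bin", "LD_PRELOAD=/tmp/evil.so", "HOME=/home/user",
    "IFS= ", "=bad", "NOEQUALS", NULL
};
static const char *const allow_list[] = { "PATH", "HOME", "TERM" };

/* Returns the number of entries surviving the whitelist (2 for the sample),
 * or -2 if the survivors are not exactly PATH and HOME in order. */
int demo_clean_env(void)
{
    char *clean[8];
    int n = build_clean_env(sample_env, allow_list, 3, clean, 8);
    if (n != 2)
        return n;
    if (strcmp(clean[0], "PATH=/usr/bin:/bin") != 0 ||
        strcmp(clean[1], "HOME=/home/user") != 0 || clean[2] != NULL)
        return -2;
    return n;
}

int main(void)
{
    printf("putenv() aliases caller buffer: %d\n", putenv_aliases_buffer());
    printf("setenv() copies caller buffer:  %d\n", setenv_copies_buffer());
    printf("putenv_owned(DEMO_OWNED, x):    %d\n", putenv_owned("DEMO_OWNED", "x"));
    printf("whitelisted entries kept:       %d\n", demo_clean_env());
    return 0;
}
```

The first two functions are the whole argument of the thread in miniature: code written against a copying putenv() can pass it a buffer it later reuses or lets go out of scope, and under the POSIX semantics that becomes a corrupted or dangling environment entry, which is exactly the kind of thing an environment-sanitizing setuid wrapper would stumble over. Building the execve() environment from scratch, as build_clean_env() does, avoids depending on either behaviour.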