Date: Thu, 03 Dec 2009 19:10:14 +0000
From: Jamie Landeg Jones <jamie@bishopston.net>
To: timo.schoeler@riscworks.net, freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-09:16.rtld
Message-ID: <200912031910.nB3JAEKj028478@catflap.bishopston.net>
In-Reply-To: <4B180C40.3040001@riscworks.net>
References: <200912030930.nB39UhW9038238@freefall.freebsd.org> <4B179B90.10307@netfence.it> <8ABB1EE2-4521-40EC-9E85-4A0E771D6B7F@mac.com> <200912031837.nB3IbEKB036114@catflap.bishopston.net> <4B180B03.1040405@thedarkside.nl> <4B180C40.3040001@riscworks.net>

> > On 12/03/2009 08:01 PM, Pieter de Boer wrote:
> > Jamie Landeg Jones wrote:
> >>
> >> However, I'd still apply the patch in case some other way to exploit
> >> the non-checking of the unsetenv return status crops up elsewhere.
> >>
> >> It can't do any harm.
> >
> > The problem with that is, on 6.x, unsetenv() returns 'void', so there's
> > no return value to check on.

As Pieter pointed out, unsetenv returns 'void', so checking for a return value (like that patch does) doesn't make sense.

Sorry for wasting your time - the patch is not necessary (and won't even work) on 6.X systems, as you've discovered. Your system is safe from this attack, and any related ones.

Jamie
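
Added example, not part of the original message or of the FreeBSD patch: a fail-closed way to clear environment variables where unsetenv() returns int, plus a getenv() confirmation, which is the part that remains usable where unsetenv() returns void. The helper name scrub_env and the DEMO_* variable names are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* declares setenv()/unsetenv() */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * scrub_env() is a hypothetical helper for this example. It removes each
 * named variable and fails closed: 0 only when every name is confirmed
 * absent, -1 as soon as one removal fails or cannot be confirmed.
 */
int scrub_env(const char *const names[], size_t count)
{
    for (size_t i = 0; i < count; i++) {
        /* POSIX prototype: int unsetenv(const char *). Where the libc
         * declares it void (6.x, per the thread) this test does not
         * compile; only the getenv() check below is available there. */
        if (unsetenv(names[i]) != 0) {
            fprintf(stderr, "unsetenv(%s): %s\n", names[i], strerror(errno));
            return -1;
        }
        /* Independent confirmation that the variable is really gone. */
        if (getenv(names[i]) != NULL) {
            fprintf(stderr, "%s still set after unsetenv\n", names[i]);
            return -1;
        }
    }
    return 0;
}

int main(void)
{
    /* Constructed variable names, not the ones rtld handles. */
    const char *const names[] = { "DEMO_VAR_A", "DEMO_VAR_B" };
    const char *const bad[] = { "DEMO=BAD" };  /* '=' in a name: EINVAL */

    setenv("DEMO_VAR_A", "1", 1);
    setenv("DEMO_VAR_B", "2", 1);
    if (scrub_env(names, 2) != 0)
        return 1;                  /* refuse to continue with a dirty env */
    printf("scrubbed: %d\n", scrub_env(names, 2));
    printf("invalid name: %d\n", scrub_env(bad, 1));
    return 0;
}
```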