From owner-freebsd-security@FreeBSD.ORG Thu Dec 3 19:10:16 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 61D38106568B for ; Thu, 3 Dec 2009 19:10:16 +0000 (UTC) (envelope-from jamie@bishopston.net) Received: from pacha.mail.bishopston.net (pacha.mail.bishopston.net [IPv6:2001:5c0:1100:200::3]) by mx1.freebsd.org (Postfix) with ESMTP id D3CB28FC08 for ; Thu, 3 Dec 2009 19:10:15 +0000 (UTC) X-Catflap-Envelope-From: X-Catflap-Envelope-To: freebsd-security@freebsd.org Received: from catflap.bishopston.net (jamie@localhost [127.0.0.1]) by catflap.bishopston.net (8.14.3/8.14.3) with ESMTP id nB3JAE8n028481; Thu, 3 Dec 2009 19:10:14 GMT (envelope-from jamie@catflap.bishopston.net) Received: (from jamie@localhost) by catflap.bishopston.net (8.14.3/8.12.9/Submit) id nB3JAEKj028478; Thu, 3 Dec 2009 19:10:14 GMT From: Jamie Landeg Jones Message-Id: <200912031910.nB3JAEKj028478@catflap.bishopston.net> Date: Thu, 03 Dec 2009 19:10:14 +0000 Organization: http://www.bishopston.com/jamie/ To: timo.schoeler@riscworks.net, freebsd-security@freebsd.org References: <200912030930.nB39UhW9038238@freefall.freebsd.org> <4B179B90.10307@netfence.it> <8ABB1EE2-4521-40EC-9E85-4A0E771D6B7F@mac.com> <200912031837.nB3IbEKB036114@catflap.bishopston.net> <4B180B03.1040405@thedarkside.nl> <4B180C40.3040001@riscworks.net> In-Reply-To: <4B180C40.3040001@riscworks.net> User-Agent: Heirloom mailx 12.4 7/29/08 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.2.2 (catflap.bishopston.net [127.0.0.1]); Thu, 03 Dec 2009 19:10:14 +0000 (GMT) X-Virus-Scanned: clamav-milter 0.95.2 at catflap.bishopston.net X-Virus-Status: Clean Cc: Subject: Re: FreeBSD Security Advisory FreeBSD-SA-09:16.rtld X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Dec 2009 19:10:16 -0000 > > On 12/03/2009 08:01 PM, Pieter de Boer wrote: > > Jamie Landeg Jones wrote: > >> > >> However, I'd still apply the patch in case some other way to exploit > >> the non-checking of the unsetenv return status crops up elsewhere. > >> > >> It can't do any harm. > > > > The problem with that is, on 6.x, unsetenv() returns 'void', so there's > > no return value to check on. As Pieter pointed out, unsetenv returns 'void', so checking for a return value (like that patch does) doesn't make sense. Sorry for wasting your time - the patch is not necessary (and won't even work) on 6.X systems, as you've discovered. Your system is safe from this attack, and any related ones. Jamie