Date: Thu, 03 Dec 2009 20:32:40 +0100 From: Timo Schoeler <timo.schoeler@riscworks.net> To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-09:16.rtld Message-ID: <4B181258.9060607@riscworks.net> In-Reply-To: <20091203191506.GA24957@citylink.fud.org.nz> References: <200912030930.nB39UhW9038238@freefall.freebsd.org> <4B179B90.10307@netfence.it> <8ABB1EE2-4521-40EC-9E85-4A0E771D6B7F@mac.com> <200912031837.nB3IbEKB036114@catflap.bishopston.net> <4B180B03.1040405@thedarkside.nl> <4B180C40.3040001@riscworks.net> <20091203191506.GA24957@citylink.fud.org.nz>
next in thread | previous in thread | raw e-mail | index | archive | help
On 12/03/2009 08:15 PM, Andrew Thompson wrote: > On Thu, Dec 03, 2009 at 08:06:40PM +0100, Timo Schoeler wrote: >> On 12/03/2009 08:01 PM, Pieter de Boer wrote: >>> Jamie Landeg Jones wrote: >>>> >>>> However, I'd still apply the patch in case some other way to exploit >>>> the non-checking of the unsetenv return status crops up elsewhere. >>>> >>>> It can't do any harm. >>> >>> The problem with that is, on 6.x, unsetenv() returns 'void', so there's >>> no return value to check on. >>> >>> On 6.x (I've looked at 6.4-RELEASE-p7, it may be different in other >>> versions), the unsetenv() uses __findenv() in a while loop to remove the >>> given setting. The getenv() function also uses __findenv() to find the >>> given environment setting. The issue described in the advisory simply >>> doesn't exist in 6(.4-RELEASE-p7). >> >> patch doesn't complain on the diff, but compiling gives me the following >> error on 6.4-STABLE (i386): > > To quote the advisory > > "Affects: FreeBSD 7.0 and later." i) there was not a big discussion on this list ii) humans are impeccable
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B181258.9060607>