Date: Fri, 4 Dec 2009 08:15:06 +1300
From: Andrew Thompson
To: Timo Schoeler
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-09:16.rtld

On Thu, Dec 03, 2009 at 08:06:40PM +0100, Timo Schoeler wrote:
> On 12/03/2009 08:01 PM, Pieter de Boer wrote:
> > Jamie Landeg Jones wrote:
> >>
> >> However, I'd still apply the patch in case some other way to exploit
> >> the non-checking of the unsetenv return status crops up elsewhere.
> >>
> >> It can't do any harm.
> >
> > The problem with that is, on 6.x, unsetenv() returns 'void', so there's
> > no return value to check on.
> >
> > On 6.x (I've looked at 6.4-RELEASE-p7, it may be different in other
> > versions), the unsetenv() uses __findenv() in a while loop to remove the
> > given setting. The getenv() function also uses __findenv() to find the
> > given environment setting. The issue described in the advisory simply
> > doesn't exist in 6(.4-RELEASE-p7).
>
> patch doesn't complain on the diff, but compiling gives me the following
> error on 6.4-STABLE (i386):

To quote the advisory "Affects: FreeBSD 7.0 and later."

Andrew
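The thread turns on whether the return status of unsetenv() is checked. The following is an added example, not part of the thread and not the rtld patch: a fail-closed scrub of loader variables that checks that status and then confirms by walking environ directly. It assumes an unsetenv() that returns int (so it will not build against the void-returning 6.x prototype); the variable list, function names and sample environment are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

extern char **environ;

/* Loader variables a privileged process should not honour (list chosen for this example). */
static const char *const unsafe_vars[] = { "LD_PRELOAD", "LD_LIBRARY_PATH", NULL };

/* Count environ entries of the form NAME=..., walking the array directly
 * so the result does not depend on getenv()'s lookup. */
int entries_named(const char *name)
{
    size_t len = strlen(name);
    int n = 0;
    for (char **e = environ; e != NULL && *e != NULL; e++)
        if (strncmp(*e, name, len) == 0 && (*e)[len] == '=')
            n++;
    return n;
}

/* Returns 0 only if every unsetenv() succeeded and no copy is left;
 * -1 tells the caller to abort instead of running with a tainted environment. */
int scrub_env(const char *const *names)
{
    for (size_t i = 0; names[i] != NULL; i++) {
        if (unsetenv(names[i]) != 0)      /* the status the thread says went unchecked */
            return -1;
        if (entries_named(names[i]) != 0) /* verify removal, do not assume it */
            return -1;
    }
    return 0;
}

/* Constructed environment with a duplicated variable; returns scrub_env()'s result. */
int constructed_case(void)
{
    static char *fake[] = { "PATH=/bin", "LD_PRELOAD=/tmp/a.so",
                            "LD_PRELOAD=/tmp/b.so", NULL };
    environ = fake;
    return scrub_env(unsafe_vars);
}

int main(void)
{
    if (constructed_case() != 0) {
        fputs("environment not sanitised, refusing to continue\n", stderr);
        return 1;
    }
    puts("environment sanitised");
    return 0;
}
```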