Date: Thu, 03 Dec 2009 20:55:54 +0200
From: Dmitry Pryanishnikov <lynx.ripe@gmail.com>
To: Jamie Landeg Jones <jamie@bishopston.net>
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-09:16.rtld
Message-ID: <4B1809BA.2050702@gmail.com>
Hello!

> The change that introduced the bug was made as follows:
>
> | Revision 1.124: download - view: text, markup, annotated - select for diffs
> | Thu May 17 18:00:27 2007 UTC (2 years, 6 months ago) by csjp
> | Branches: MAIN
...
> This was also ported MFC'd into 6.3 onwards:
...
> So, yes, FreeBSD 6.3-RELEASE upwards are affected - FreeBSD 6.2 isn't.

Well, not exactly. This change introduces a vulnerability _only_ if the *env() implementation allows creating an environment in which unsetenv(X) will fail but getenv(X) will still work. RELENG_6 luckily uses the old, legacy, but _consistent_ *env() implementation, which just uses the same variable search routine __findenv() both in getenv() and unsetenv(). So IMHO the advisory is correct, and there is no need to patch 6.*.

Sincerely, Dmitry
--
nic-hdl: LYNX-RIPE
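The consistency argument in the message above, as an added example that is not part of the original e-mail and is not FreeBSD code: a toy environment model in which one unsetenv shares its search routine with getenv and another has an extra precondition getenv lacks, plus a scrub helper that fails closed. All names (`toy_env`, `index_ok`, `find_var`, `scrub`, and so on) and the sample variables are constructed for illustration.

```c
#include <string.h>

/* Toy environment (constructed): NULL-terminated "NAME=value" strings.
 * index_ok models extra bookkeeping that only split_unsetenv() needs. */
struct toy_env { char *vars[8]; int index_ok; };

/* Shared search routine, playing the role of __findenv(). */
static int find_var(struct toy_env *e, const char *name) {
    size_t n = strlen(name);
    for (int i = 0; e->vars[i] != NULL; i++)
        if (strncmp(e->vars[i], name, n) == 0 && e->vars[i][n] == '=')
            return i;
    return -1;
}

/* Lookup is the same in both models: a plain scan via find_var(). */
const char *toy_getenv(struct toy_env *e, const char *name) {
    int i = find_var(e, name);
    return i < 0 ? NULL : e->vars[i] + strlen(name) + 1;
}

/* Remove slot i by shifting the tail (and the NULL terminator) down. */
static void drop(struct toy_env *e, int i) {
    for (; e->vars[i] != NULL; i++)
        e->vars[i] = e->vars[i + 1];
}

/* Consistent model: unsetenv uses the same search as getenv. */
int consistent_unsetenv(struct toy_env *e, const char *name) {
    int i;
    while ((i = find_var(e, name)) >= 0)
        drop(e, i);
    return 0;
}

/* Inconsistent model: unsetenv has a precondition that getenv does not
 * share, so it can fail while the variable stays visible to getenv. */
int split_unsetenv(struct toy_env *e, const char *name) {
    if (!e->index_ok)
        return -1;
    return consistent_unsetenv(e, name);
}

/* Fail-closed scrub: returns 0 only if the variable is really gone. */
int scrub(struct toy_env *e, const char *name,
          int (*unset)(struct toy_env *, const char *)) {
    if (unset(e, name) != 0)
        return -1;
    return toy_getenv(e, name) == NULL ? 0 : -1;
}
```

A caller that ignores the return value of `split_unsetenv()` proceeds with `X` still visible; a caller that goes through `scrub()` gets an error it can abort on.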