Date: Fri, 04 Dec 2009 11:21:57 +0100
From: Dag-Erling Smørgrav <des@des.no>
To: Jamie Landeg Jones <jamie@bishopston.net>
Cc: freebsd-security@freebsd.org, timo.schoeler@riscworks.net
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-09:16.rtld
Message-ID: <86ljhjvy2i.fsf@ds4.des.no>
In-Reply-To: <200912031829.nB3ITEiX015363@catflap.bishopston.net> (Jamie Landeg Jones's message of "Thu, 03 Dec 2009 18:29:14 +0000")
References: <200912030930.nB39UhW9038238@freefall.freebsd.org> <4B179B90.10307@netfence.it> <200912031455.nB3EtriT031315@catflap.bishopston.net> <4B17D39B.5030204@riscworks.net> <200912031829.nB3ITEiX015363@catflap.bishopston.net>

Jamie Landeg Jones <jamie@bishopston.net> writes:
> However, I would certainly apply the patch anyway - basically, the old way
> was just blindly unsetting environment variables and blindly assuming the
> unsetting worked.

It won't build.

> Just in case there is some other way of exploiting the fact that rtld.c didn't
> check whether unsetenv was successful (which I bet people are now looking for)
> I'd apply the patch to 6.3 and 6.4 also, just to be sure.

It won't build.  from <stdlib.h> in stable/6:

    void unsetenv(const char *);

DES
-- 
Dag-Erling Smørgrav - des@des.no
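
Added example, not part of the original message and not FreeBSD's code: a scrub routine that never reads the return value of unsetenv(), so it compiles against either the void prototype quoted above or an int one, and confirms removal with getenv() instead. The function name scrub_env and the EXAMPLE_* variable names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed sample list; a real caller would pass its own names. */
static const char *const example_names[] = {
    "EXAMPLE_UNSAFE_A",
    "EXAMPLE_UNSAFE_B",
    NULL
};

/*
 * Remove every variable in names[] (NULL-terminated) from the environment.
 * The result of unsetenv() is discarded on purpose: the code then builds
 * whether libc declares it as returning void or int. Success is judged by
 * the post-condition, i.e. getenv() no longer finds the name.
 * Returns the number of variables still present (0 means fully scrubbed).
 */
int scrub_env(const char *const names[])
{
    int remaining = 0;

    for (size_t i = 0; names[i] != NULL; i++) {
        (void)unsetenv(names[i]);
        if (getenv(names[i]) != NULL)
            remaining++;
    }
    return remaining;
}

int main(void)
{
    /* Constructed input: pretend these arrived from an untrusted parent. */
    setenv("EXAMPLE_UNSAFE_A", "/tmp/a.so", 1);
    setenv("EXAMPLE_UNSAFE_B", "/tmp/b", 1);

    if (scrub_env(example_names) != 0) {
        /* Fail closed: do not continue with a partly scrubbed environment. */
        fprintf(stderr, "environment scrub failed, aborting\n");
        return EXIT_FAILURE;
    }
    puts("environment scrubbed");
    return EXIT_SUCCESS;
}
```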