Date: Sat, 05 Dec 2009 00:30:39 +0200 From: Dmitry Pryanishnikov <lynx.ripe@gmail.com> To: Nikolaos Rangos <nikolaos.rangos@googlemail.com> Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-09:16.rtld Message-ID: <4B198D8F.9000400@gmail.com>
next in thread | raw e-mail | index | archive | help
Hello! > So it would be possible to set an > environment > variable which in this case is not UNSETABLE or SETABLE (unsetenv and > putenv/setenv > respectively), in my eyes this is a bad behaviour of the enviroment handling > routines > introduced recently in FreeBSD. Yes, this is a very dangerous situation when environmental variable can't be unset yet can be read. I would only understand that if we supported readonly variables. But officially we haven't them, yet virtually they can exist due to the corrupted environment ;( Generally speaking, IMHO, having destroying function that can fail is the thing which should be avoided if possible. Imagine free() which could fail... Sounds really weird, but current unsetenv() behaviour resembles that. Sincerely, Dmitry -- nic-hdl: LYNX-RIPE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B198D8F.9000400>