From: Timo Sirainen <tss@iki.fi>
To: "Sean C. Farley"
Cc: freebsd-stable@FreeBSD.org
Subject: Re: Environment clearing broken in 7.0
Date: Tue, 10 Jun 2008 07:14:17 +0300
Message-Id: <1213071257.3904.991.camel@hurina>
References: <1213036854.3904.967.camel@hurina>

On Mon, 2008-06-09 at 22:27 -0500, Sean C. Farley wrote:
> On Mon, 9 Jun 2008, Timo Sirainen wrote:
>
> > I think clearing the environment using:
> >
> > environ[0] = NULL;
> >
> > has been kind of a semi-standard for a while now. At least Dovecot and
> > Postfix clear their environment this way. But this no longer works in
> > FreeBSD 7.0 (putenv(), environ[0]=NULL, putenv() -> everything is
> > visible again). Was this change intended, or will this be fixed?
>
> It is more or less intended. When a program sets an environment
> variable, the environment is copied for faster/leaner usage. Changing
> individual values within environ is not checked, else every pointer would
> need to be checked for consistency. What I did was to write the code to
> detect if environ is replaced (NULL or a new array of variables).

OK, so perhaps Sendmail's way of clearing the environment would be the best
solution:

    static char *emptyenv[1] = { NULL };
    environ = emptyenv;

> I suggest reading the two paragraphs from Open Group's getenv()[1]
> documentation starting at "Conforming applications are required not to
> modify environ directly, ..." for the rationale in the new design.
> Obviously, applications are not required to conform, but the
> documentation talks about what an OS may be doing under the covers to
> environ.

How about implementing clearenv()? I'm using it now if it's available.

> Out of curiosity, do Dovecot and Postfix check that environ is not NULL
> before setting environ[0]? environ may be set to NULL at the start but
> not by FreeBSD's /usr/bin/env -i.

Yes, both check if it's NULL. (I think I originally copied my code's logic
from Postfix.)

> > Looks like I could work around this by using:
> >
> > environ = NULL;
>
> That will work on the *BSD's, OpenSolaris and Linux.

But not on OS X. It crashes there.

> Also, this will work:
> environ = calloc(1, sizeof(*environ));

Is this any better than using a static emptyenv[1]?

BTW. I wonder if this change breaks any applications where not clearing the
environment could result in a security hole. As far as I know FreeBSD 7.0 is
the only modern OS where environ[0]=NULL doesn't work.
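The approach the thread converges on, written out as an added example (not code from Dovecot, Postfix, Sendmail or FreeBSD's libc): swap the whole environ pointer for a static empty array instead of writing into environ[0], and re-add only an allowlist of variables that a privileged daemon actually needs. It assumes a POSIX libc with setenv() and strdup(); the function names sanitize_environment and demo_sanitize and the UNTRUSTED_VAR sample are mine.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
extern char **environ;

/* Static empty environment, as in Sendmail: swapping the whole environ
 * pointer is what FreeBSD 7.0's libc detects (environ[0] = NULL is not),
 * and unlike environ = NULL it does not crash on OS X. */
static char *emptyenv[1] = { NULL };

/* Clear the environment, keeping only the variables named in keep (a
 * NULL-terminated list). Values are copied out first, since libc may
 * recycle the old array once setenv() is called. Returns 0 on success. */
int sanitize_environment(const char *const *keep)
{
    size_t nkeep = 0;
    while (keep != NULL && keep[nkeep] != NULL)
        nkeep++;
    char **saved = calloc(nkeep + 1, sizeof *saved);
    if (saved == NULL)
        return -1;
    for (size_t i = 0; i < nkeep; i++) {
        const char *v = getenv(keep[i]);
        saved[i] = (v != NULL) ? strdup(v) : NULL;  /* absent stays absent */
    }
    environ = emptyenv;          /* the actual clear: replace the array */
    int rc = 0;
    for (size_t i = 0; i < nkeep; i++) {
        if (saved[i] != NULL && setenv(keep[i], saved[i], 1) != 0)
            rc = -1;
        free(saved[i]);
    }
    free(saved);
    return rc;
}

/* Worked run: add a constructed untrusted variable, sanitize keeping only
 * PATH, and check that exactly one variable survives. Returns 1 on success. */
int demo_sanitize(void)
{
    static const char *const keep[] = { "PATH", NULL };
    setenv("PATH", "/usr/bin:/bin", 1);
    setenv("UNTRUSTED_VAR", "set-by-caller", 1);   /* constructed sample */
    if (sanitize_environment(keep) != 0)
        return 0;
    const char *p = getenv("PATH");
    return getenv("UNTRUSTED_VAR") == NULL && p != NULL
        && strcmp(p, "/usr/bin:/bin") == 0
        && environ[0] != NULL && environ[1] == NULL;
}
```

Where clearenv() exists it can replace the `environ = emptyenv;` line, but the static array is the portable form across the systems the thread mentions.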