Date: Tue, 1 Dec 2009 19:00:16 +0300
From: Eygene Ryabinkin
To: Vasim Valejev
Cc: freebsd-security@freebsd.org
Reply-To: rea-fbsd@codelabs.ru
Subject: Re: LD_PRELOAD temporary patch

Good evening.

Tue, Dec 01, 2009 at 05:09:57PM +0300, Vasim Valejev wrote:
> I've used that patch to close the hole. This patch is temporary and
> doesn't fix real trouble maker - problem in new version in getenv()

If you're talking about rtld-elf local root, then the real issue is
that return values of unsetenv() are not checked and unsetenv() could
fail, thus leaving LD_PRELOAD and friends left unmodified.

> (after 6.3 it got changed to something monstrous and non-working right
> if environment has only one variable),

Sorry, what do you mean by this? Does the attached script print
'VAR = variable' for you as it does for me on 8.0-BETA2 (and
undoubtedly, on 8.0)? If yes then getenv() works properly with
a single environment variable. Perhaps you meant something else?
-- 
Eygene

Remember that it is hard to read the on-line manual
while single-stepping the kernel.
  -- FreeBSD Developers handbook
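
The failure mode described in the message above (an unsetenv() call whose return value is ignored, so a failure leaves LD_PRELOAD in place), shown as an added example that is not part of the original message and is not FreeBSD's rtld code. The names `unsafe_vars`, `failing_unsetenv`, `scrub_unchecked` and `scrub_checked` are hypothetical, and the failing call is simulated by a constructed stub.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Illustrative list: the message names only LD_PRELOAD "and friends". */
static const char *const unsafe_vars[] = { "LD_PRELOAD", "LD_LIBRARY_PATH", NULL };

typedef int (*unset_fn)(const char *);

/* Constructed stand-in for an unsetenv() call that fails and removes nothing. */
int failing_unsetenv(const char *name) { (void)name; errno = EFAULT; return -1; }

/* Pattern described in the message: the return value is ignored. */
int scrub_unchecked(unset_fn unset) {
    for (size_t i = 0; unsafe_vars[i] != NULL; i++)
        unset(unsafe_vars[i]);
    return 0;                       /* reports success no matter what happened */
}

/* Checked variant: any failure, or a variable still visible, is an error. */
int scrub_checked(unset_fn unset) {
    for (size_t i = 0; unsafe_vars[i] != NULL; i++) {
        if (unset(unsafe_vars[i]) != 0)
            return -1;
        if (getenv(unsafe_vars[i]) != NULL)
            return -1;
    }
    return 0;
}

int main(void) {
    /* Constructed value; nothing is loaded from this path. */
    setenv("LD_PRELOAD", "/nonexistent/constructed.so", 1);

    scrub_unchecked(failing_unsetenv);
    printf("unchecked: LD_PRELOAD %s\n", getenv("LD_PRELOAD") ? "still set" : "removed");

    if (scrub_checked(failing_unsetenv) != 0)
        printf("checked: scrub failed, caller must refuse to continue\n");

    if (scrub_checked(unsetenv) == 0)
        printf("checked: LD_PRELOAD %s\n", getenv("LD_PRELOAD") ? "still set" : "removed");
    return 0;
}
```

A privileged caller should treat a -1 from `scrub_checked` as fatal and stop before loading anything.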