Date:      Tue, 01 Dec 2009 17:37:09 +0100
From:      Dan Lukes <dan@obluda.cz>
To:        freebsd security <freebsd-security@freebsd.org>
Subject:   Re: Upcoming FreeBSD Security Advisory
Message-ID:  <4B154635.2050209@obluda.cz>
In-Reply-To: <86skbuet3x.fsf@ds4.des.no>
References:  <200912010120.nB11Kjm9087476@freefall.freebsd.org>	<ov3Jq1IJ/c8KAXGQ501G8Os9xr8@Ll2tHa60cb%2BhiG8R4R8/VS21128>	<20091201111627.GC4920@borusse.borussiapark> <86skbuet3x.fsf@ds4.des.no>


Dag-Erling Smørgrav wrote, on 12/01/09 14:12:
> As to the second: yes, 6.1 is most likely affected.

Probably not.

The older algorithm used in 6.1 looks like
  -----------------
if (trusted) {
	variable = getenv(NAME);
         ....
  -----------------

The affected algorithm looks like:
  -----------------
if (!trusted) {
	unsetenv(NAME);
	...
};
variable = getenv(NAME);
  -----------------

As far as I know, such a change has been MFCed into 6.3, 6.4, 7.x but not 
into 6.1. So 6.1 should not be affected by this bug (but remains 
vulnerable to the problem that triggered the change from the old algorithm to the new one).

					Dan
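
The two patterns contrasted in the message above, as an added C example that is not part of the original e-mail or of FreeBSD's code: it shows that the newer pattern only protects an untrusted process if the unset call succeeds, and adds a variant that checks the return value and fails closed. The variable name, the function names and the failing stub are hypothetical; the failure is simulated by the stub.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for setenv()/unsetenv() */
#endif
#include <stdio.h>
#include <stdlib.h>

#define NAME "EXAMPLE_OPTION"     /* hypothetical variable name */

typedef int (*unset_fn)(const char *);

/* Constructed stub: reports failure and leaves the environment untouched. */
static int failing_unset(const char *name) { (void)name; return -1; }

/* Older pattern: the environment is consulted only when trusted. */
const char *lookup_old(int trusted) {
    return trusted ? getenv(NAME) : NULL;
}

/* Newer pattern: scrub when untrusted, then read unconditionally.
 * The result of the unset call is ignored, as in the sketch above. */
const char *lookup_new(int trusted, unset_fn unset) {
    if (!trusted)
        unset(NAME);
    return getenv(NAME);
}

/* Checked variant: fail closed if the scrub did not succeed. */
int lookup_checked(int trusted, unset_fn unset, const char **out) {
    *out = NULL;
    if (!trusted && unset(NAME) != 0)
        return -1;                /* caller should refuse to continue */
    *out = getenv(NAME);
    return 0;
}

int main(void) {
    const char *v;
    setenv(NAME, "from-caller", 1);
    printf("old, untrusted:              %s\n", lookup_old(0) ? "read" : "ignored");
    printf("new, untrusted, unset fails: %s\n",
           lookup_new(0, failing_unset) ? "read" : "ignored");
    printf("checked, unset fails:        rc=%d\n",
           lookup_checked(0, failing_unset, &v));
    return 0;
}
```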


