Date:      Tue, 01 Dec 2009 17:37:09 +0100
From:      Dan Lukes <dan@obluda.cz>
To:        freebsd security <freebsd-security@freebsd.org>
Subject:   Re: Upcoming FreeBSD Security Advisory
Message-ID:  <4B154635.2050209@obluda.cz>
In-Reply-To: <86skbuet3x.fsf@ds4.des.no>
References:  <200912010120.nB11Kjm9087476@freefall.freebsd.org>	<ov3Jq1IJ/c8KAXGQ501G8Os9xr8@Ll2tHa60cb%2BhiG8R4R8/VS21128>	<20091201111627.GC4920@borusse.borussiapark> <86skbuet3x.fsf@ds4.des.no>

Dag-Erling Smørgrav wrote, On 12/01/09 14:12:
> As to the second: yes, 6.1 is most likely affected.

Probably no.

The older algorithm used in 6.1 looks like
  -----------------
if (trusted) {
	variable = getenv(NAME);
         ....
  -----------------

The affected algorithm looks like:
  -----------------
if (!trusted) {
	unsetenv(NAME);
	...
};
variable = getenv(NAME);
  -----------------

As far as I know, such a change has been MFCed into 6.3, 6.4, 7.x but not
into 6.1. So 6.1 should not be affected by this bug (but remains
vulnerable to the problem that triggered the change from the old algorithm to the new one).


					Dan
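
The difference between the two sketches in the message above, as an added example that is not part of the original e-mail or of FreeBSD's code: a small C model showing that the second pattern depends on the removal step succeeding, while the first never reads the variable for an untrusted process. The variable name `DEMO_LOADER_VAR`, the function names, the fail-closed variant and the simulated failing removal are assumptions; the message does not say how the removal fails.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* setenv/unsetenv prototypes */
#endif
#include <stdio.h>
#include <stdlib.h>

#define NAME "DEMO_LOADER_VAR"    /* hypothetical name, not from the message */
typedef int (*unset_fn)(const char *);

/* Simulated failure (assumption): reports an error, leaves the variable set. */
static int failing_unsetenv(const char *name) { (void)name; return -1; }

/* Older pattern: the environment is consulted only for a trusted process. */
static const char *lookup_old(int trusted) {
    return trusted ? getenv(NAME) : NULL;
}

/* Newer pattern: scrub when untrusted, then read unconditionally.
 * The result of the removal is ignored, as in the sketch. */
static const char *lookup_new(int trusted, unset_fn unset) {
    if (!trusted)
        unset(NAME);
    return getenv(NAME);
}

/* Fail-closed variant: if the removal fails, the value is not used. */
static const char *lookup_checked(int trusted, unset_fn unset) {
    if (!trusted && unset(NAME) != 0)
        return NULL;
    return getenv(NAME);
}

/* Constructed sample input: a value supplied by the untrusted caller. */
static void reset_env(void) { setenv(NAME, "untrusted-value", 1); }

int main(void) {
    unset_fn cases[] = { unsetenv, failing_unsetenv };
    const char *label[] = { "removal works", "removal fails" };
    for (int i = 0; i < 2; i++) {
        reset_env();
        printf("%s: new pattern %s the value, ", label[i],
               lookup_new(0, cases[i]) ? "uses" : "ignores");
        reset_env();
        printf("checked pattern %s it\n",
               lookup_checked(0, cases[i]) ? "uses" : "ignores");
    }
    reset_env();
    printf("old pattern, untrusted: %s\n", lookup_old(0) ? "uses it" : "ignores it");
    return 0;
}
```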