From: Dan Lukes
Date: Tue, 01 Dec 2009 17:37:09 +0100
To: freebsd security
Subject: Re: Upcoming FreeBSD Security Advisory
Message-ID: <4B154635.2050209@obluda.cz>
In-Reply-To: <86skbuet3x.fsf@ds4.des.no>
References: <200912010120.nB11Kjm9087476@freefall.freebsd.org> <20091201111627.GC4920@borusse.borussiapark> <86skbuet3x.fsf@ds4.des.no>

Dag-Erling Smørgrav wrote, On 12/01/09 14:12:
> As to the second: yes, 6.1 is most likely affected.

Probably no. The older algorithm used in 6.1 looks like

-----------------
if (trusted) {
	variable = getenv(NAME);
	....
-----------------

The affected algorithm looks like:

-----------------
if (!trusted) {
	unsetenv(NAME);
	...
};
variable = getenv(NAME);
-----------------

As far as I know, such a change has been MFCed into 6.3, 6.4, 7.x but not
into 6.1. So 6.1 should not be affected by this bug (but remains
vulnerable to the problem that triggered the change of the old algorithm
to the new one).

Dan
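
The two control flows sketched in the message, modelled side by side as an added example (not code from the message or from FreeBSD). The struct, the model_* stand-ins and the unset_fails switch are hypothetical; the example assumes the unset step can fail and leave the variable in place, which unsetenv(3) signals by returning -1.

```c
#include <stdio.h>
#include <string.h>

/* Constructed one-variable environment. unset_fails is a hypothetical
 * switch that models the clearing step returning an error. */
struct env { const char *name; const char *value; int unset_fails; };

/* Stand-in for unsetenv(3): 0 on success, -1 on failure (variable kept). */
static int model_unsetenv(struct env *e, const char *name) {
    if (e->unset_fails)
        return -1;
    if (strcmp(e->name, name) == 0)
        e->value = NULL;
    return 0;
}

/* Stand-in for getenv(3). */
static const char *model_getenv(const struct env *e, const char *name) {
    return strcmp(e->name, name) == 0 ? e->value : NULL;
}

/* Older pattern from the message: the variable is read only when trusted. */
const char *read_old(struct env *e, const char *name, int trusted) {
    return trusted ? model_getenv(e, name) : NULL;
}

/* Newer pattern from the message: unset when untrusted, then always read.
 * The result of the unset step is not looked at. */
const char *read_new(struct env *e, const char *name, int trusted) {
    if (!trusted)
        model_unsetenv(e, name);
    return model_getenv(e, name);
}

/* Fail-closed variant (added here): if the unset step fails, report it
 * through *ok and hand back nothing, so the caller can refuse to go on. */
const char *read_checked(struct env *e, const char *name, int trusted, int *ok) {
    *ok = !(!trusted && model_unsetenv(e, name) != 0);
    return *ok ? model_getenv(e, name) : NULL;
}

int main(void) {
    struct env e = { "NAME", "untrusted-value", 1 };  /* constructed input */
    int ok;
    printf("old: %s\n", read_old(&e, "NAME", 0) ? "used" : "ignored");
    printf("new: %s\n", read_new(&e, "NAME", 0) ? "used" : "ignored");
    printf("checked: %s (ok=%d)\n", read_checked(&e, "NAME", 0, &ok) ? "used" : "ignored", ok);
    return 0;
}
```

In the model, only the newer pattern hands an untrusted caller's value back when the unset step fails; the older pattern never reads it, and the checked variant reports the failure instead.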