From: Jille Timmermans
Date: Tue, 01 Dec 2009 17:37:19 +0100
To: rea-fbsd@codelabs.ru
Cc: freebsd-security@freebsd.org, Vasim Valejev
Subject: Re: LD_PRELOAD temporary patch
Message-ID: <4B15463F.406@quis.cx>

Eygene Ryabinkin wrote:
> Good evening.
>
> Tue, Dec 01, 2009 at 05:09:57PM +0300, Vasim Valejev wrote:
>
>> I've used that patch to close the hole. This patch is temporary and
>> doesn't fix real trouble maker - problem in new version in getenv()
>
> If you're talking about rtld-elf local root, then the real issue
> is that return values of unsetenv() are not checked and unsetenv()
> could fail, thus leaving LD_PRELOAD and friends left unmodified.

Isn't the real issue that unsetenv() works differently from getenv()?
If they both said 'your environment is crappy' there wouldn't have been
a problem, would there?

If I'm correct, rtld isn't that wrong: It seems like a sane assumption
to me that if you can't delete it, you can't retrieve it either.
(There are exceptions to this rule, like problems with freeing the
memory, but that isn't a problem in this case.)

-- Jille

>> (after 6.3 it got changed to something monstrous and non-working right
>> if environment has only one variable),
>
> Sorry, what do you mean by this? Does the attached script print 'VAR =
> variable' for you as it does for me on 8.0-BETA2 (and undoubtedly, on
> 8.0)? If yes then getenv() works properly with a single environment
> variable. Perhaps you meant something else?
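
The check this thread is about, as an added example that is not part of the original message and is not FreeBSD's rtld code: strip the loader variables, treat a failing unsetenv() as fatal, and confirm the removal through both getenv() and a scan of the raw environment vector so that a disagreement between the two is caught. The names `env_has` and `drop_loader_vars`, the variable list beyond LD_PRELOAD, and the sample path are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* declares setenv() and unsetenv() */
#endif
#include <stdlib.h>
#include <string.h>

extern char **environ;

/* Illustrative list; the thread names only LD_PRELOAD "and friends". */
static const char *const loader_vars[] = { "LD_PRELOAD", "LD_LIBRARY_PATH" };
#define NVARS (sizeof(loader_vars) / sizeof(loader_vars[0]))

/* Return 1 if envp holds a "name=..." entry, scanning the raw vector
 * instead of trusting getenv()'s view of it. */
int env_has(char *const *envp, const char *name)
{
    size_t n = strlen(name);

    if (envp == NULL)
        return 0;
    for (; *envp != NULL; envp++)
        if (strncmp(*envp, name, n) == 0 && (*envp)[n] == '=')
            return 1;
    return 0;
}

/* Remove the loader variables. Returns 0 only when every unsetenv()
 * succeeded AND neither getenv() nor the raw scan still sees the
 * variable; returns -1 otherwise so the caller can refuse to continue. */
int drop_loader_vars(void)
{
    for (size_t i = 0; i < NVARS; i++) {
        if (unsetenv(loader_vars[i]) != 0)
            return -1;              /* the unchecked failure case */
        if (getenv(loader_vars[i]) != NULL)
            return -1;              /* unsetenv() and getenv() disagree */
        if (env_has(environ, loader_vars[i]))
            return -1;              /* raw vector still carries it */
    }
    return 0;
}

int main(void)
{
    /* Constructed sample value, not taken from the thread. */
    if (setenv("LD_PRELOAD", "/tmp/constructed-example.so", 1) != 0)
        return 1;
    return drop_loader_vars() == 0 ? 0 : 1;   /* fail closed on error */
}
```

A privileged caller would abort rather than continue when `drop_loader_vars()` returns -1.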