From: Robert Watson
Date: Tue, 1 Dec 2009 15:16:03 +0000 (GMT)
To: Colin Percival
Cc: svn-src-head@FreeBSD.org, Brian Feldman, svn-src-all@FreeBSD.org, src-committers@FreeBSD.org
Subject: Re: svn commit: r199983 - in head: lib/libc/stdlib tools/regression/environ

On Mon, 30 Nov 2009, Colin Percival wrote:

> Brian Feldman wrote:
>> Do not gratuitously fail *env(3) operations due to corrupt ('='-less)
>> **environ entries. This puts non-getenv(3) operations in line with
>> getenv(3) in that bad environ entries do not cause all operations to
>> fail. There is still some inconsistency in that getenv(3) in the
>> absence of any environment-modifying operation does not emit corrupt
>> environ entry warnings.
>>
>> I also fixed another inconsistency in getenv(3) where updating the
>> global environ pointer would not be reflected in the return values.
>> It would have taken an intermediary setenv(3)/putenv(3)/unsetenv(3)
>> in order to see the change.
>
> The FreeBSD Security Team is currently dealing with a security issue
> relating to this code. Please back out your change (at least to getenv.c; I
> don't particularly care about the regression tests) until we've finished,
> and then submit the patch to us for review along with a detailed explanation
> of what it does.
>
> We've already had two major security issues arising out of getenv.c in the
> past year, and I'd like to make sure we don't have a third.

I think it's fair to say that the POSIXization of the environment code has
been an unmitigated disaster, and speaks to the necessity for careful review
of those sorts of code changes.

Robert N M Watson
Computer Laboratory
University of Cambridge