From owner-svn-src-all@FreeBSD.ORG Tue Dec 1 16:25:17 2009 Return-Path: Delivered-To: svn-src-all@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8BF771065670; Tue, 1 Dec 2009 16:25:17 +0000 (UTC) (envelope-from scf@FreeBSD.org) Received: from mail.farley.org (mail.farley.org [IPv6:2001:470:1f0f:20:2::11]) by mx1.freebsd.org (Postfix) with ESMTP id 501A78FC0A; Tue, 1 Dec 2009 16:25:17 +0000 (UTC) Received: from thor.farley.org (HPooka@thor.farley.org [IPv6:2001:470:1f0f:20:1::5]) by mail.farley.org (8.14.3/8.14.3) with ESMTP id nB1GPGv9010633; Tue, 1 Dec 2009 10:25:16 -0600 (CST) (envelope-from scf@FreeBSD.org) Date: Tue, 1 Dec 2009 10:25:16 -0600 (CST) From: "Sean C. Farley" To: Robert Watson In-Reply-To: Message-ID: References: <200912010504.nB154VnS053167@svn.freebsd.org> <4B14B32C.3060409@freebsd.org> User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Spam-Status: No, score=-2.6 required=4.0 tests=AWL,BAYES_00,NO_RELAYS autolearn=ham version=3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mail.farley.org Cc: svn-src-head@FreeBSD.org, Brian Feldman , svn-src-all@FreeBSD.org, src-committers@FreeBSD.org, Colin Percival Subject: Re: svn commit: r199983 - in head: lib/libc/stdlib tools/regression/environ X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Dec 2009 16:25:17 -0000 On Tue, 1 Dec 2009, Robert Watson wrote: > On Mon, 30 Nov 2009, Colin Percival wrote: *snip* >> We've already had two major security issues arising out of getenv.c >> in the past year, and I'd like to make sure we don't have a third. > > I think it's fair to say that the POSIXization of the environment code > has been an unmitigated disaster, and speaks to the necessity for > careful review of those sorts of code changes. As the author of the environment code, I agree that it has been a painful process. Interestingly, the security issue was a combination of r169661 to rtld.c, which is a correct action, and the new environ code which was developed, as opposed to committed, at the same time. Separately, the security issue would not have existed. Sean -- scf@FreeBSD.org