Skip site navigation (1)Skip section navigation (2) 
Date:      Tue,  7 Mar 2006 15:17:15 +0100 (CET)
From:      Kenneth Vestergaard Schmidt <kvs@binarysolutions.dk>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        kvs@binarysolutions.dk
Subject:   ports/94170: Port security/chroot_safe unintended environment leak (minor security flaw)
Message-ID:  <20060307141715.CF25E6159@donkey.binarysolutions.dk>
Resent-Message-ID: <200603071420.k27EK56B032286@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         94170
>Category:       ports
>Synopsis:       Port security/chroot_safe unintended environment leak (minor security flaw)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Mar 07 14:20:05 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Kenneth Vestergaard Schmidt
>Release:        FreeBSD 7.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD donkey.binarysolutions.dk 7.0-CURRENT FreeBSD 7.0-CURRENT #6: Fri Feb 3 01:17:43 CET 2006 root@donkey.binarysolutions.dk:/usr/obj/usr/src/sys/X30 i386

>Description:
        The putenv(3) library call doesn't unset environment variables on
        FreeBSD as it apparently does on Linux. The correct usage is unsetenv(3).
        This has the effect that CHROOT_USER, CHROOT_ROOT and LD_PRELOAD are leaked
        into the chroot'ed programs environment.
>How-To-Repeat:
        Dump the environment after invoking something with chroot_safe.so preloaded.
>Fix:
        Apply the following diff to the port's Makefile. It will replace the usage of
        putenv(3) with unsetenv(3).

--- Makefile.orig       Thu Mar  2 23:42:49 2006
+++ Makefile    Thu Mar  2 23:42:10 2006
@@ -25,5 +25,6 @@
                -e 's|-o chroot_safe.so|chroot_safe.cpp -o chroot_safe.so|' \
                ${WRKSRC}/Makefile.in
        ${REINPLACE_CMD} 's|chroot(1)|chroot(8)|' ${WRKSRC}/chroot_safe.1.in
+       ${REINPLACE_CMD} 's|putenv|unsetenv|' ${WRKSRC}/chroot_safe.cpp
 
 .include <bsd.port.mk>

>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060307141715.CF25E6159>