From: "Sean C. Farley"
To: Andrey Chernov
Cc: freebsd-current
Date: Fri, 13 Jul 2007 14:39:30 -0500 (CDT)
Subject: Re: Environment handling broken in /bin/sh with changes to {get,set,put}env()

On Fri, 13 Jul 2007, Andrey Chernov wrote:

> On Sun, Jul 08, 2007 at 09:17:27PM +0400, Andrey Chernov wrote:

*snip*

> [snip]
>
> I found another breakage case not covered by your last getenv() fix.
> Take this simple program:
>
> -- a.c ---------------------------------------------------------------
> #include <stdlib.h>
> extern char **environ;
>
> main () {
>
>   static char *nenv[2];
>
>   nenv[0] = "PATH=/bin";
>   nenv[1] = NULL;
>
>   /*
>   environ = nenv;
>   unsetenv("PATH"); or something like
>   which touches '=' char in nenv[0]
>   */
>
>   nenv[0][4] = '\0';
>
> }
> -- a.c ---------------------------------------------------------------

*snip*

> As you may see, compiler puts "PATH=/bin" to the program's .rodata
> section which is placed to read only memory.
>
> If later you'll modify this single "PATH=/bin" (comes from "nenv" now)
> by
>   *equals = '\0';
>   ...
>   *equals = '=';
> core dump happens, which simulated in my simple a.c example by
>   nenv[0][4] = '\0';
>
> Just run it and got core dump.

FreeBSD 6 will also dump if the length of the value was less than or
equal to "/bin" since it reuses this string. This will core dump:

  nenv[0] = "PATH=/bin";
  nenv[1] = NULL;
  environ = nenv;
  setenv("PATH", "/bin", 1);

Sean
-- 
scf@FreeBSD.org
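
An added example, not code from this thread or from FreeBSD's libc: a sketch of environment lookup and replacement that treats every caller-supplied entry as read-only, so neither the '=' trick nor in-place reuse of a same-length value can fault on a string living in .rodata. The names env_find and env_replace are hypothetical, and the sample environment is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return the index of NAME in env, or -1. The entry is only read:
 * the '=' is located by length, never overwritten with '\0'. */
static int env_find(char **env, const char *name)
{
    size_t n = strlen(name);

    if (n == 0 || strchr(name, '=') != NULL)
        return -1;                      /* invalid variable name */
    for (int i = 0; env[i] != NULL; i++)
        if (strncmp(env[i], name, n) == 0 && env[i][n] == '=')
            return i;
    return -1;
}

/* Point NAME's slot at a freshly allocated "NAME=value" string.
 * The old string is neither reused nor freed, because it may be a
 * literal in .rodata or otherwise owned by the caller.
 * Returns 0 on success, -1 if NAME is absent or malloc fails. */
static int env_replace(char **env, const char *name, const char *value)
{
    int i = env_find(env, name);
    size_t len;
    char *s;

    if (i < 0)
        return -1;
    len = strlen(name) + 1 + strlen(value) + 1;
    if ((s = malloc(len)) == NULL)
        return -1;
    snprintf(s, len, "%s=%s", name, value);
    env[i] = s;                         /* only the pointer array is written */
    return 0;
}

int main(void)
{
    /* Constructed input: same shape as nenv[] in the thread. */
    static char *nenv[2] = { "PATH=/bin", NULL };

    if (env_replace(nenv, "PATH", "/bin") != 0)   /* same-length value */
        return 1;
    puts(nenv[0]);
    return 0;
}
```

Repeated replacement leaks the superseded allocations unless ownership of each slot is tracked separately.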