From: "Sean C. Farley" <scf@FreeBSD.org>
Date: Tue, 1 Dec 2009 10:25:16 -0600 (CST)
To: Robert Watson
Cc: svn-src-head@FreeBSD.org, Brian Feldman, svn-src-all@FreeBSD.org, src-committers@FreeBSD.org, Colin Percival
Subject: Re: svn commit: r199983 - in head: lib/libc/stdlib tools/regression/environ
References: <200912010504.nB154VnS053167@svn.freebsd.org> <4B14B32C.3060409@freebsd.org>

On Tue, 1 Dec 2009, Robert Watson wrote:

> On Mon, 30 Nov 2009, Colin Percival wrote:

*snip*

>> We've already had two major security issues arising out of getenv.c
>> in the past year, and I'd like to make sure we don't have a third.
>
> I think it's fair to say that the POSIXization of the environment code
> has been an unmitigated disaster, and speaks to the necessity for
> careful review of those sorts of code changes.

As the author of the environment code, I agree that it has been a painful process. Interestingly, the security issue was a combination of r169661 to rtld.c, which is a correct action, and the new environ code, which was developed, as opposed to committed, at the same time. Separately, the security issue would not have existed.

Sean
-- 
scf@FreeBSD.org