Date: Wed, 4 Jul 2007 14:47:50 -0500 (CDT)
From: "Sean C. Farley" <scf@FreeBSD.org>
To: Andrey Chernov <ache@nagual.pp.ru>
Cc: freebsd-current <freebsd-current@FreeBSD.org>, Robert Watson <rwatson@FreeBSD.org>, Michal Mertl <mime@traveller.cz>
Subject: Re: Environment handling broken in /bin/sh with changes to {get,set,put}env()
Message-ID: <20070704144159.X77978@thor.farley.org>
In-Reply-To: <20070704180000.GA34042@nagual.pp.ru>
References: <1183557221.1799.16.camel@genius.i.cz> <20070704143642.GA31254@nagual.pp.ru> <20070704150312.GB31683@nagual.pp.ru> <20070704101026.O77978@thor.farley.org> <20070704173905.T67251@fledge.watson.org> <20070704121316.A77978@thor.farley.org> <20070704180000.GA34042@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 4 Jul 2007, Andrey Chernov wrote: > On Wed, Jul 04, 2007 at 12:53:25PM -0500, Sean C. Farley wrote: >> functions. I am not certain that sh would work even with OpenSolaris >> since it does similar things to environ under the covers. > > It surely not works properly on anything excepting BSD due to this > habbit. > >> I am also actively looking for other potential bugs from this type of >> misuse. /bin/sh did not show up for me since I did not have LANG (or >> any other locale variable sh cares about) set in my environment. > > Don't care about login and su, they use pam_getenvlist() which copies > via malloc. My only concern is with programs (i.e., su) that "clean" the environment after calling setenv(), putenv() or unsetenv(). I wrote a patch[1] (and test program) that checks for a change of the address that environ is pointing. If it detects a change, it scraps all that it knows about environ (frees everything) and starts with the new environ. Of course, the sh patch[2] is still needed. Sean 1. http://www.farley.org/freebsd/tmp/setenv/clearenv/ 2. http://www.farley.org/freebsd/tmp/setenv/sh.patch -- scf@FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070704144159.X77978>