Date: Thu, 3 Dec 2009 18:04:47 -0600 (CST) From: "Sean C. Farley" <scf@FreeBSD.org> To: freebsd-current@FreeBSD.org Subject: environ function patch for review Message-ID: <alpine.BSF.2.00.0912031730030.18865@thor.farley.org>
next in thread | raw e-mail | index | archive | help
Regarding the recent security issue with the unsetenv() calls in rtld, I have made a patch[1] I would like reviewed prior to commit. It changes the behavior of all the *env() routines that cause an internal environment to be created. This is putenv(), setenv() and unsetenv(). getenv() will not cause an internal environment to be created. I have tested the patch without the rltd fix, and it prevents the security issue. Instead of returning an error when tripping upon a corrupt environment, it will return an error when the caller passes bad argument(s) (EINVAL) or if unable to allocate memory (ENOMEM). Except for the possibility for ENOMEM, this should make the behavior the same as FreeBSD 6 and below. Another commit[2] will also be made, but it mainly changes a comment to better reflect the search order in getenv(). Changing the comment was recommended by Brian (green), and I concur to the change. The entire commit will not change any code. The patches will be applied in the order of the comment-only patch and then the behavioral patch. Thank you. Sean 1. http://people.freebsd.org/~scf/getenv-2.patch 2. http://people.freebsd.org/~scf/getenv-1.patch -- scf@FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.0912031730030.18865>