cvs commit: src/libexec/rtld-elf rtld.c
Christian S.J. Peron
csjp at FreeBSD.org
Thu May 17 18:00:32 UTC 2007
csjp 2007-05-17 18:00:28 UTC
FreeBSD src repository
Modified files:
libexec/rtld-elf rtld.c
Log:
In the event a process is tainted (setuid/setgid binaries), un-set any
potentially dangerous environment variables all together. It should be
noted that the run-time linker will not honnor these environment variables
if the process is tainted currently. However, once a child of the tainted
process calls setuid(2), it's status as being tainted (as defined by
issetugid(2)) will be removed. This could be problematic because
subsequent activations of the run-time linker could honnor these
dangerous variables.
This is more of an anti foot-shot mechanism, there is nothing I am
aware of in base that does this, however there may be third party
utilities which do, and there is no real negative impact of clearing
these environment variables.
Discussed on: secteam
Reviewed by: cperciva
PR: kern/109836
MFC after: 2 weeks
Revision Changes Path
1.124 +20 -10 src/libexec/rtld-elf/rtld.c
More information about the cvs-all
mailing list