FreeBSD Security Advisory FreeBSD-SA-09:16.rtld

[Jamie Landeg Jones]

> Jamie Landeg Jones ha scritto:
>
> > So, yes, FreeBSD 6.3-RELEASE upwards are affected - FreeBSD 6.2 isn't.
>
> Thanks.
> So, is a patch on the way for 6.[34] too?
> I guess the sec team just wanted to get out what they had as soon as 
> possible and I agree with them and thanks them.
> But I just need to plan... :-)

I don't know - are they still supported?

Anyway, I just made this patch. I don't have any 6.X machines to test it on,
but it should work on 6.3 and 6.4 (put it this way, if it doesn't work it
will fail to compile, rather than break your machine!):

Incidently, I am not part of the offical freebsd team.

cheers,
Jamie

--- rtld.c.orig	2007-07-14 20:04:00.000000000 +0100
+++ rtld.c	2009-12-03 17:29:58.000000000 +0000
@@ -349,11 +349,12 @@
      * future processes to honor the potentially un-safe variables.
      */
     if (!trust) {
-        unsetenv(LD_ "PRELOAD");
-        unsetenv(LD_ "LIBMAP");
-        unsetenv(LD_ "LIBRARY_PATH");
-        unsetenv(LD_ "LIBMAP_DISABLE");
-        unsetenv(LD_ "DEBUG");
+        if (unsetenv(LD_ "PRELOAD") || unsetenv(LD_ "LIBMAP") ||
+	    unsetenv(LD_ "LIBRARY_PATH") || unsetenv(LD_ "LIBMAP_DISABLE") ||
+	    unsetenv(LD_ "DEBUG")) {
+		_rtld_error("environment corrupt; aborting");
+		die();
+	}
     }
     ld_debug = getenv(LD_ "DEBUG");
     libmap_disable = getenv(LD_ "LIBMAP_DISABLE") != NULL;