FreeBSD Security Advisory FreeBSD-SA-09:16.rtld
Pieter de Boer
pieter at thedarkside.nl
Thu Dec 3 19:01:58 UTC 2009
Jamie Landeg Jones wrote:
>
> However, I'd still apply the patch in case some other way to exploit
> the non-checking of the unsetenv return status crops up elsewhere.
>
> It can't do any harm.
The problem with that is, on 6.x, unsetenv() returns 'void', so there's
no return value to check on.
On 6.x (I've looked at 6.4-RELEASE-p7, it may be different in other
versions), the unsetenv() uses __findenv() in a while loop to remove the
given setting. The getenv() function also uses __findenv() to find the
given environment setting. The issue described in the advisory simply
doesn't exist in 6(.4-RELEASE-p7).
--
Pieter
More information about the freebsd-security
mailing list