FreeBSD Security Advisory FreeBSD-SA-09:16.rtld

Timo Schoeler timo.schoeler at riscworks.net
Thu Dec 3 19:06:45 UTC 2009


On 12/03/2009 08:01 PM, Pieter de Boer wrote:
> Jamie Landeg Jones wrote:
>>
>> However, I'd still apply the patch in case some other way to exploit
>> the non-checking of the unsetenv return status crops up elsewhere.
>>
>> It can't do any harm.
> 
> The problem with that is, on 6.x, unsetenv() returns 'void', so there's
> no return value to check on.
> 
> On 6.x (I've looked at 6.4-RELEASE-p7, it may be different in other
> versions), the unsetenv() uses __findenv() in a while loop to remove the
> given setting. The getenv() function also uses __findenv() to find the
> given environment setting. The issue described in the advisory simply
> doesn't exist in 6(.4-RELEASE-p7).

patch doesn't complain on the diff, but compiling gives me the following
error on 6.4-STABLE (i386):

# make depend
rm -f .depend
mkdep -f .depend -a    -DFREEBSD_ELF -DIN_RTLD
-I/usr/src/libexec/rtld-elf/i386 -I/usr/src/libexec/rtld-elf -DPIC
/usr/src/libexec/rtld-elf/i386/rtld_start.S
/usr/src/libexec/rtld-elf/i386/reloc.c /usr/src/libexec/rtld-elf/rtld.c
/usr/src/libexec/rtld-elf/rtld_lock.c
/usr/src/libexec/rtld-elf/map_object.c
/usr/src/libexec/rtld-elf/malloc.c /usr/src/libexec/rtld-elf/xmalloc.c
/usr/src/libexec/rtld-elf/debug.c /usr/src/libexec/rtld-elf/libmap.c
echo ld-elf.so.1: /usr/lib/libc_pic.a >> .depend
test# make
cc -O2 -fno-strict-aliasing -pipe  -Wall -DFREEBSD_ELF -DIN_RTLD
-I/usr/src/libexec/rtld-elf/i386 -I/usr/src/libexec/rtld-elf -elf -fpic
-DPIC -std=gnu99 -Wformat=2 -Wno-format-extra-args -Werror -c
/usr/src/libexec/rtld-elf/i386/rtld_start.S
cc -O2 -fno-strict-aliasing -pipe  -Wall -DFREEBSD_ELF -DIN_RTLD
-I/usr/src/libexec/rtld-elf/i386 -I/usr/src/libexec/rtld-elf -elf -fpic
-DPIC -std=gnu99 -Wformat=2 -Wno-format-extra-args -Werror -c
/usr/src/libexec/rtld-elf/i386/reloc.c
cc -O2 -fno-strict-aliasing -pipe  -Wall -DFREEBSD_ELF -DIN_RTLD
-I/usr/src/libexec/rtld-elf/i386 -I/usr/src/libexec/rtld-elf -elf -fpic
-DPIC -std=gnu99 -Wformat=2 -Wno-format-extra-args -Werror -c
/usr/src/libexec/rtld-elf/rtld.c
/usr/src/libexec/rtld-elf/rtld.c: In function `_rtld':
/usr/src/libexec/rtld-elf/rtld.c:352: error: void value not ignored as
it ought to be
/usr/src/libexec/rtld-elf/rtld.c:352: error: void value not ignored as
it ought to be
/usr/src/libexec/rtld-elf/rtld.c:353: error: void value not ignored as
it ought to be
/usr/src/libexec/rtld-elf/rtld.c:353: error: void value not ignored as
it ought to be
/usr/src/libexec/rtld-elf/rtld.c:354: error: void value not ignored as
it ought to be
*** Error code 1

Stop in /usr/src/libexec/rtld-elf.
#

Best,

Timo
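
The thread's point that a caller cannot check unsetenv()'s return value where it is declared void can be sidestepped by verifying the result in the environment itself. This is an added example, not part of the original message or of the FreeBSD patch; `scrub_env`, `env_count` and `EXAMPLE_UNSAFE_VAR` are hypothetical names, and the sample values are constructed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* makes <stdlib.h> declare unsetenv() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

extern char **environ;

/* Count environment entries whose name is exactly `name`. */
static int env_count(const char *name)
{
    size_t n = strlen(name);
    int hits = 0;

    for (char **p = environ; p != NULL && *p != NULL; p++)
        if (strncmp(*p, name, n) == 0 && (*p)[n] == '=')
            hits++;
    return hits;
}

/*
 * Remove `name`, then confirm it is gone by looking at the environment
 * rather than trusting unsetenv()'s return value. Returns 0 when no
 * entry remains, -1 otherwise so the caller can fail closed.
 */
static int scrub_env(const char *name)
{
    /* The (void) cast compiles whether unsetenv() returns int or void. */
    (void)unsetenv(name);
    if (getenv(name) != NULL || env_count(name) != 0)
        return -1;
    return 0;
}

int main(void)
{
    setenv("EXAMPLE_UNSAFE_VAR", "constructed-value", 1);
    if (scrub_env("EXAMPLE_UNSAFE_VAR") != 0) {
        fprintf(stderr, "could not scrub environment, refusing to continue\n");
        return 1;
    }
    puts("environment scrubbed");
    return 0;
}
```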

