FreeBSD Security Advisory FreeBSD-SA-09:16.rtld
Jamie Landeg Jones
jamie at bishopston.net
Thu Dec 3 19:10:16 UTC 2009
>
> On 12/03/2009 08:01 PM, Pieter de Boer wrote:
> > Jamie Landeg Jones wrote:
> >>
> >> However, I'd still apply the patch in case some other way to exploit
> >> the non-checking of the unsetenv return status crops up elsewhere.
> >>
> >> It can't do any harm.
> >
> > The problem with that is, on 6.x, unsetenv() returns 'void', so there's
> > no return value to check on.
As Pieter pointed out, unsetenv returns 'void', so checking for a return
value (like that patch does) doesn't make sense.

Sorry for wasting your time - the patch is not necessary (and won't even work)
on 6.X systems, as you've discovered.

Your system is safe from this attack, and any related ones.
Jamie
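
The return-status check this thread discusses, sketched as an added example (not the advisory's patch and not code from either poster). It assumes a system where unsetenv() returns int, unlike the 6.x 'void' version mentioned above; the variable list and the helper names scrub_var/scrub_env are illustrative assumptions.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <stdio.h>
#include <stdlib.h>

/* Illustrative list (assumption): loader variables a privileged program
 * would not want to inherit from its caller. */
static const char *const unsafe_vars[] = { "LD_PRELOAD", "LD_LIBRARY_PATH" };

/* Remove one variable and confirm it is gone.
 * Returns 0 on success, -1 if unsetenv() failed or the name is still set. */
int scrub_var(const char *name)
{
    if (unsetenv(name) != 0)
        return -1;              /* the return status must not be ignored */
    if (getenv(name) != NULL)
        return -1;              /* re-check that no entry with this name remains */
    return 0;
}

/* Scrub every listed variable; a single failure fails the whole call so
 * the caller can stop instead of continuing with a tainted environment. */
int scrub_env(const char *const *names, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (scrub_var(names[i]) != 0)
            return -1;
    return 0;
}

int main(void)
{
    size_t n = sizeof unsafe_vars / sizeof unsafe_vars[0];

    setenv("LD_PRELOAD", "/tmp/constructed.so", 1);  /* constructed sample value */
    if (scrub_env(unsafe_vars, n) != 0) {
        fprintf(stderr, "environment scrub failed, refusing to continue\n");
        return EXIT_FAILURE;    /* fail closed */
    }
    puts("environment scrubbed");
    return 0;
}
```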