FreeBSD Security Advisory FreeBSD-SA-09:16.rtld
Dmitry Pryanishnikov
lynx.ripe at gmail.com
Thu Dec 3 19:21:36 UTC 2009
Hello!
> The change that introduced the bug was made as follows:
>
> | Revision 1.124: download - view: text, markup, annotated - select for diffs
> | Thu May 17 18:00:27 2007 UTC (2 years, 6 months ago) by csjp
> | Branches: MAIN
...
> This was also ported MFC'd into 6.3 onwards:
...
> So, yes, FreeBSD 6.3-RELEASE upwards are affected - FreeBSD 6.2 isn't.
Well, not exactly. This change introduces a vulnerability _only_ if the *env()
implementation allows creating an environment in which unsetenv(X) will fail
but getenv(X) will still work. RELENG_6 luckily uses the old, legacy, but
_consistent_ *env() implementation, which just uses the same variable search
routine __findenv() both in getenv() and unsetenv(). So IMHO the advisory is
correct, and there is no need to patch 6.*.
Sincerely, Dmitry
--
nic-hdl: LYNX-RIPE
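
Added example, not part of the original message and not FreeBSD libc or rtld code: a toy C model of the condition described above, showing that a scrub which ignores the unset result leaves the variable visible when unset and lookup disagree, and that a checked scrub fails closed. The names `toy_env`, `toy_find`, `scrub_result`, `SENSITIVE_VAR` and the `unset_fails` switch are hypothetical, and the cause of the unset failure is an assumption that is not modelled.

```c
#include <stdio.h>
#include <string.h>
/* Toy model, constructed for illustration; not FreeBSD libc or rtld code. */
#define MAXENV 8
struct toy_env {
    const char *vars[MAXENV];   /* "NAME=value" entries, NULL-terminated */
    int unset_fails;            /* assumption: unset refuses to act on this environment */
};

/* Single search routine, the role __findenv() plays in the message above. */
static int toy_find(const struct toy_env *e, const char *name) {
    size_t n = strlen(name);
    for (int i = 0; i < MAXENV && e->vars[i]; i++)
        if (strncmp(e->vars[i], name, n) == 0 && e->vars[i][n] == '=')
            return i;
    return -1;
}

const char *toy_getenv(const struct toy_env *e, const char *name) {
    int i = toy_find(e, name);
    return i < 0 ? NULL : e->vars[i] + strlen(name) + 1;
}

/* Returns 0 on success, -1 on failure, like unsetenv(3). */
int toy_unsetenv(struct toy_env *e, const char *name) {
    int i;
    if (e->unset_fails)
        return -1;              /* divergent case: entry stays visible to toy_getenv */
    while ((i = toy_find(e, name)) >= 0) {
        for (; i < MAXENV - 1; i++)
            e->vars[i] = e->vars[i + 1];   /* close the gap */
        e->vars[MAXENV - 1] = NULL;
    }
    return 0;
}

/* 1 = variable still visible after scrubbing, 0 = gone, -1 = checked scrub aborted. */
int scrub_result(int unset_fails, int checked) {
    struct toy_env e = { { "PATH=/bin", "SENSITIVE_VAR=x", NULL }, unset_fails };
    int rc = toy_unsetenv(&e, "SENSITIVE_VAR");
    if (checked && (rc != 0 || toy_getenv(&e, "SENSITIVE_VAR") != NULL))
        return -1;              /* fail closed: do not continue with this environment */
    return toy_getenv(&e, "SENSITIVE_VAR") != NULL;
}

int main(void) {
    printf("consistent/unchecked=%d divergent/unchecked=%d divergent/checked=%d\n",
           scrub_result(0, 0), scrub_result(1, 0), scrub_result(1, 1));
    return 0;
}
```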