FreeBSD Security Advisory FreeBSD-SA-09:16.rtld
Dag-Erling Smørgrav
des at des.no
Fri Dec 4 10:21:58 UTC 2009
Jamie Landeg Jones <jamie at bishopston.net> writes:
> However, I would certainly apply the patch anyway - basically, the old way
> was just blindly unsetting environment variables and blindly assuming the
> unsetting worked.
It won't build.
> Just in case there is some other way of exploiting the fact that rtld.c didn't
> check whether unsetenv was successful (which I bet people are now looking for)
> I'd apply the patch to 6.3 and 6.4 also, just to be sure.
It won't build.
from <stdlib.h> in stable/6:
void unsetenv(const char *);
DES
--
Dag-Erling Smørgrav - des at des.no
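
An added example, not part of the original message or of the FreeBSD patch: a fail-closed environment scrub that checks the result of each unsetenv() call and confirms removal with getenv(). It assumes the POSIX prototype `int unsetenv(const char *)`; with the `void` prototype quoted above from stable/6, the return-value check would not compile. The variable names are constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* for setenv()/unsetenv() prototypes */
#endif
#include <stdio.h>
#include <stdlib.h>

/*
 * Remove every variable in names[] (count entries) from the environment.
 * Returns 0 only if each one is verifiably gone, -1 otherwise.
 * Assumes the POSIX prototype: int unsetenv(const char *).
 */
int scrub_env(const char *const names[], size_t count)
{
    int rc = 0;

    for (size_t i = 0; i < count; i++) {
        /* Do not assume the call worked: check its return value. */
        if (unsetenv(names[i]) != 0) {
            rc = -1;
            continue;   /* keep scrubbing the rest, but report failure */
        }
        /* Second check that does not depend on the return value. */
        if (getenv(names[i]) != NULL)
            rc = -1;
    }
    return rc;
}

int main(void)
{
    /* Constructed variable names, for illustration only. */
    static const char *const unsafe[] = { "EXAMPLE_PRELOAD", "EXAMPLE_LIBPATH" };

    setenv("EXAMPLE_PRELOAD", "constructed-value", 1);

    /* Fail closed: a privileged program should stop, not carry on,
     * if it cannot sanitize its environment. */
    if (scrub_env(unsafe, sizeof(unsafe) / sizeof(unsafe[0])) != 0) {
        fputs("could not sanitize environment, refusing to continue\n", stderr);
        return EXIT_FAILURE;
    }
    puts("environment sanitized");
    return EXIT_SUCCESS;
}
```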