Environment handling broken in /bin/sh with changes to
{get,set,put}env()
Sean C. Farley
scf at FreeBSD.org
Wed Jul 4 19:48:08 UTC 2007
On Wed, 4 Jul 2007, Andrey Chernov wrote:
> On Wed, Jul 04, 2007 at 12:53:25PM -0500, Sean C. Farley wrote:
>> functions. I am not certain that sh would work even with OpenSolaris
>> since it does similar things to environ under the covers.
>
> It surely not works properly on anything excepting BSD due to this
> habbit.
>
>> I am also actively looking for other potential bugs from this type of
>> misuse. /bin/sh did not show up for me since I did not have LANG (or
>> any other locale variable sh cares about) set in my environment.
>
> Don't care about login and su, they use pam_getenvlist() which copies
> via malloc.
My only concern is with programs (i.e., su) that "clean" the environment
after calling setenv(), putenv() or unsetenv(). I wrote a patch[1] (and
test program) that checks for a change of the address that environ is
pointing. If it detects a change, it scraps all that it knows about
environ (frees everything) and starts with the new environ.
Of course, the sh patch[2] is still needed.
Sean
1. http://www.farley.org/freebsd/tmp/setenv/clearenv/
2. http://www.farley.org/freebsd/tmp/setenv/sh.patch
--
scf at FreeBSD.org
More information about the freebsd-current
mailing list