Upcoming FreeBSD Security Advisory
Dan Lukes
dan at obluda.cz
Tue Dec 1 12:26:55 UTC 2009
Jan Muenther wrote, On 12/01/09 12:53:
> I'd be greatly surprised if the affected code looked different in 6.x.
True, the affected code is the same. But unsetenv() "returns" 'void' on 6.x, so
the code can't be patched the same way as in 7.x/8.x/HEAD.
We need something like:
    if (getenv(...) != NULL) {
        unsetenv(...);
        if (getenv(...) != NULL)
            ABORT - BROKEN ENVIRONMENT
    }
Dan
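
The check sketched in the message above, written out in C as an added example (not part of the original post and not FreeBSD's actual patch). The variable names, the `unset_fn` type and the helper functions are hypothetical; `unset_noop` is a constructed stand-in for an unsetenv() that fails without reporting it.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* for setenv()/unsetenv() declarations */
#endif
#include <stdio.h>
#include <stdlib.h>

/* Signature of a void-returning unsetenv(): no result to inspect. */
typedef void (*unset_fn)(const char *name);

/* Adapter: discard the modern int result to mimic the void form. */
static void unset_libc(const char *name) { (void)unsetenv(name); }

/* Constructed stand-in for an unsetenv() that silently fails. */
static void unset_noop(const char *name) { (void)name; }

/* Remove `name`, then re-read the environment to verify the removal.
 * Returns 0 if the variable is absent afterwards, -1 if it survived. */
static int scrub_var(const char *name, unset_fn unset)
{
    if (getenv(name) == NULL)
        return 0;               /* nothing to remove */
    unset(name);
    if (getenv(name) != NULL)
        return -1;              /* removal failed: environment is broken */
    return 0;
}

/* Scrub a NULL-terminated list; stop at the first variable that survives. */
static int scrub_all(const char *const *names, unset_fn unset)
{
    for (; *names != NULL; names++)
        if (scrub_var(*names, unset) != 0)
            return -1;
    return 0;
}

int main(void)
{
    static const char *const vars[] = { "EXAMPLE_UNSAFE_A", "EXAMPLE_UNSAFE_B", NULL };
    /* Constructed sample input: one variable set, one not. */
    setenv("EXAMPLE_UNSAFE_A", "x", 1);
    if (scrub_all(vars, unset_libc) != 0) {
        fprintf(stderr, "broken environment, aborting\n");
        abort();
    }
    puts("environment scrubbed");
    return 0;
}
```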