svn commit: r199979 - head/libexec/rtld-elf
Colin Percival
cperciva at FreeBSD.org
Tue Dec 1 02:57:07 UTC 2009
Author: cperciva
Date: Tue Dec 1 02:57:06 2009
New Revision: 199979
URL: http://svn.freebsd.org/changeset/base/199979
Log:
Fix local root vulnerability.
Security: Advisory will be coming soon.
X-MFC-After: 30 seconds
Modified:
head/libexec/rtld-elf/rtld.c
Modified: head/libexec/rtld-elf/rtld.c
==============================================================================
--- head/libexec/rtld-elf/rtld.c Tue Dec 1 00:42:17 2009 (r199978)
+++ head/libexec/rtld-elf/rtld.c Tue Dec 1 02:57:06 2009 (r199979)
@@ -366,12 +366,12 @@ _rtld(Elf_Addr *sp, func_ptr_type *exit_
* future processes to honor the potentially un-safe variables.
*/
if (!trust) {
- unsetenv(LD_ "PRELOAD");
- unsetenv(LD_ "LIBMAP");
- unsetenv(LD_ "LIBRARY_PATH");
- unsetenv(LD_ "LIBMAP_DISABLE");
- unsetenv(LD_ "DEBUG");
- unsetenv(LD_ "ELF_HINTS_PATH");
+ if (unsetenv(LD_ "PRELOAD") || unsetenv(LD_ "LIBMAP") ||
+ unsetenv(LD_ "LIBRARY_PATH") || unsetenv(LD_ "LIBMAP_DISABLE") ||
+ unsetenv(LD_ "DEBUG") || unsetenv(LD_ "ELF_HINTS_PATH")) {
+ _rtld_error("environment corrupt; aborting");
+ die();
+ }
}
ld_debug = getenv(LD_ "DEBUG");
libmap_disable = getenv(LD_ "LIBMAP_DISABLE") != NULL;
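Review bot: The new condition inside the `if (!trust)` branch has no comment saying why a failing unsetenv() has to be fatal; the existing comment above it only explains why the variables are removed. The getenv() calls that follow the block (`ld_debug`, `libmap_disable`) run regardless of `trust`, so the untrusted path relies entirely on each unsetenv() having succeeded. I would record that above the condition, for example `/* unsetenv() may fail and leave the variable in place; the getenv() calls below are unconditional, so abort rather than continue. */`. Because the `||` chain short-circuits, the fixed text "environment corrupt; aborting" cannot say which variable could not be removed, so naming it in the message would help triage. _rtld's body starts and ends outside the hunk.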