> Jamie Landeg Jones ha scritto: > > > So, yes, FreeBSD 6.3-RELEASE upwards are affected - FreeBSD 6.2 isn't. > > Thanks. > So, is a patch on the way for 6.[34] too? > I guess the sec team just wanted to get out what they had as soon as > possible and I agree with them and thanks them. > But I just need to plan... :-)
I don't know - are they still supported? Anyway, I just made this patch. I don't have any 6.X machines to test it on, but it should work on 6.3 and 6.4 (put it this way, if it doesn't work it will fail to compile, rather than break your machine!): Incidently, I am not part of the offical freebsd team. cheers, Jamie --- rtld.c.orig 2007-07-14 20:04:00.000000000 +0100 +++ rtld.c 2009-12-03 17:29:58.000000000 +0000 @@ -349,11 +349,12 @@ * future processes to honor the potentially un-safe variables. */ if (!trust) { - unsetenv(LD_ "PRELOAD"); - unsetenv(LD_ "LIBMAP"); - unsetenv(LD_ "LIBRARY_PATH"); - unsetenv(LD_ "LIBMAP_DISABLE"); - unsetenv(LD_ "DEBUG"); + if (unsetenv(LD_ "PRELOAD") || unsetenv(LD_ "LIBMAP") || + unsetenv(LD_ "LIBRARY_PATH") || unsetenv(LD_ "LIBMAP_DISABLE") || + unsetenv(LD_ "DEBUG")) { + _rtld_error("environment corrupt; aborting"); + die(); + } } ld_debug = getenv(LD_ "DEBUG"); libmap_disable = getenv(LD_ "LIBMAP_DISABLE") != NULL; _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"