On Mon, 2008-06-09 at 22:27 -0500, Sean C. Farley wrote:
> On Mon, 9 Jun 2008, Timo Sirainen wrote:
>
> > I think clearing environment using:
> >
> > environ[0] = NULL;
> >
> > has been kind of a semi-standard for a while now. At least Dovecot and
> > Postfix clear their environment this way. But this no longer works in
> > FreeBSD 7.0 (putenv(), environ[0]=NULL, putenv() -> everything is
> > visible again). Was this change intended, or will this be fixed?
>
> It is more or less intended. When a program sets an environment
> variable, the environment is copied for faster/leaner usage. Changing
> individual values within environ is not checked else every pointer would
> need to be checked for consistency. What I did was to write the code to
> detect if environ is replaced (NULL or new array of variables).
OK, so perhaps Sendmail's way of clearing environment would be the best
solution:
static char *emptyenv[1] = { NULL };
environ = emptyenv;
> I suggest reading the two paragraphs from Open Group's getenv()[1]
> documentation starting at "Conforming applications are required not to
> modify environ directly, ..." for the rationale in the new design.
> Obviously, applications are not required to conform, but the
> documentation talks about what an OS may be doing under the covers to
> environ.
How about implementing clearenv()? I'm using it now if it's available.
> Out of curiosity, do Dovecot and Postfix check that environ is not NULL
> before setting environ[0]? environ may be set to NULL at the start but
> not by FreeBSD's /usr/bin/env -i.
Yes, both check if it's NULL. (I think I originally copied my code's
logic from Postfix.)
> > Looks like I could work around this by using:
> >
> > environ = NULL;
>
> That will work on the *BSD's, OpenSolaris and Linux.
But not on OS X. It crashes there.
> Also, this will work:
> environ = calloc(1, sizeof(*environ));
Is this any better than using a static emptyenv[1]?
BTW. I wonder if this change breaks any applications where not clearing
environment could result in a security hole. As far as I know FreeBSD
7.0 is the only modern OS where environ[0]=NULL doesn't work.
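Added example (not code from Dovecot, Postfix, Sendmail or FreeBSD libc): a small C program that combines the two approaches discussed in this thread, using clearenv() where glibc provides it and otherwise pointing environ at a static empty array the way Sendmail does, then verifying the result through getenv() rather than by inspecting environ[] directly, which is exactly where the environ[0]=NULL trick fails on FreeBSD 7.0. The helper names clear_environment(), env_var_count() and clear_and_check() and the variable CONSTRUCTED_SECRET are assumptions made up for this illustration.

```c
/* Added illustration of portable environment clearing. The helper names
 * and the CONSTRUCTED_SECRET variable are hypothetical, not from any of
 * the projects mentioned in the thread. */
#define _GNU_SOURCE
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

extern char **environ;

#if defined(__GLIBC__)
/* glibc provides clearenv(); the prototype is repeated here in case
 * feature macros were fixed before stdlib.h was included. */
int clearenv(void);
#endif

/* Sendmail-style replacement: point environ at a NULL-terminated empty
 * array instead of writing into environ[0]. Static, so it outlives
 * every caller and libc can keep referring to it. */
static char *emptyenv[1] = { NULL };

void clear_environment(void)
{
#if defined(__GLIBC__)
    /* clearenv() also discards libc's private copy of the environment. */
    clearenv();
#else
    /* Replacing the pointer itself is what a libc that keeps its own
     * copy (FreeBSD 7.0 and later) checks for; writing environ[0] = NULL
     * is not. */
    environ = emptyenv;
#endif
}

/* Number of entries libc currently exposes; tolerates environ == NULL,
 * which is what clearenv() leaves behind on glibc. */
size_t env_var_count(void)
{
    size_t n = 0;
    if (environ == NULL)
        return 0;
    while (environ[n] != NULL)
        n++;
    return n;
}

/* Set a constructed variable, clear the environment, and check through
 * getenv() that it is really gone before rebuilding a minimal PATH.
 * Returns 1 on success, 0 on any failure. */
int clear_and_check(void)
{
    if (setenv("CONSTRUCTED_SECRET", "hunter2", 1) != 0)
        return 0;
    if (getenv("CONSTRUCTED_SECRET") == NULL)
        return 0;

    clear_environment();

    /* This is the check that fails after environ[0] = NULL on FreeBSD 7.0. */
    if (getenv("CONSTRUCTED_SECRET") != NULL)
        return 0;
    if (env_var_count() != 0)
        return 0;

    /* Re-add only what a child process actually needs. */
    if (setenv("PATH", "/usr/bin:/bin", 1) != 0)
        return 0;
    const char *p = getenv("PATH");
    return p != NULL && strcmp(p, "/usr/bin:/bin") == 0 && env_var_count() == 1;
}

int main(void)
{
    int ok = clear_and_check();
    printf("environment cleared and rebuilt: %s\n", ok ? "ok" : "FAILED");
    return ok ? 0 : 1;
}
```

The point of going through getenv() is that it exercises whatever copy libc consults for the child, so the same check catches a libc that silently ignores edits to environ[] as well as one that honours them.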