Re: LD_PRELOAD temporary patch

看板FB_security作者時間16年前 (2009/12/02 02:01), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串3/4 (看更多)
--ieNMXl1Fr3cevapt Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Good evening. Tue, Dec 01, 2009 at 05:09:57PM +0300, Vasim Valejev wrote: > I've used that patch to close the hole. This patch is temporary and > doesn't fix real trouble maker - problem in new version in getenv() If you're talking about rtld-elf local root, then the real issue is that return values of unsetenv() are not checked and unsetenv() could fail, thus leaving LD_PRELOAD and friends left unmodified. > (after 6.3 it got changed to something monstrous and non-working right > if environment has only one variable), Sorry, what do you mean by this? Does the attached script print 'VAR = variable' for you as it does for me on 8.0-BETA2 (and undoubtly, on 8.0)? If yes then getenv() works properly with a single environment variable. Perhaps you meant something else? -- Eygene _ ___ _.--. # \`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard / ' ` , __.--' # to read the on-line manual )/' _/ \ `-_, / # while single-stepping the kernel. `-'" `"\_ ,_.-;_.-\_ ', fsc/as # _.-'_./ {_.' ; / # -- FreeBSD Developers handbook {_.-``-' {_/ # --ieNMXl1Fr3cevapt Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" --ieNMXl1Fr3cevapt--
更多 rea-fbsd. 的文章
文章代碼(AID): #1B5LdcUM (FB_security)
更多 rea-fbsd. 的文章
文章代碼(AID): #1B5LdcUM (FB_security)