Re: FreeBSD Security Advisory FreeBSD-SA-09:16.rtld

看板FB_security作者時間16年前 (2009/12/05 06:32), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串24/24 (看更多)
Hello! > So it would be possible to set an > environment > variable which in this case is not UNSETABLE or SETABLE (unsetenv and > putenv/setenv > respectively), in my eyes this is a bad behaviour of the enviroment handling > routines > introduced recently in FreeBSD. Yes, this is a very dangerous situation when environmental variable can't be unset yet can be read. I would only understand that if we supported readonly variables. But officially we haven't them, yet virtually they can exist due to the corrupted environment ;( Generally speaking, IMHO, having destroying function that can fail is the thing which should be avoided if possible. Imagine free() which could fail... Sounds really weird, but current unsetenv() behaviour resembles that. Sincerely, Dmitry -- nic-hdl: LYNX-RIPE _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 lynx. 的文章
文章代碼(AID): #1B6OtZ14 (FB_security)
討論串 (同標題文章)
完整討論串 (本文為第 24 之 24 篇):
排序: 最新先 | 最舊先 | 留言數
在新視窗開啟完整討論串 (共24篇)
更多 lynx. 的文章
文章代碼(AID): #1B6OtZ14 (FB_security)