Bug 94170 - Port security/chroot_safe unintended environment leak (minor security flaw)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: Stefan Walter
Reported: 2006-03-07 14:20 UTC by Kenneth Vestergaard
Modified: 2006-05-21 14:24 UTC
Attachments
file.diff (398 bytes, patch)
2006-03-07 14:20 UTC, Kenneth Vestergaard

Description Kenneth Vestergaard 2006-03-07 14:20:05 UTC
The putenv(3) library call doesn't unset environment variables on
FreeBSD as it apparently does on Linux. The correct usage is unsetenv(3).
This has the effect that CHROOT_USER, CHROOT_ROOT and LD_PRELOAD are leaked
into the chroot'ed program's environment.

Fix: Apply the following diff to the port's Makefile. It will replace the usage of
putenv(3) with unsetenv(3).

How-To-Repeat: Dump the environment after invoking something with chroot_safe.so preloaded.
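
The approach the report describes, as an added example that is not the port's code or the attached patch: the three variables are removed with unsetenv(3) and the result is verified by walking `environ`, which is the same check as dumping the environment in How-To-Repeat. The names `scrub_environment` and `env_entries_named` and the sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

extern char **environ;

/* The three variables the report names as leaking into the chroot. */
static const char *const SCRUB_VARS[] = {
    "CHROOT_USER", "CHROOT_ROOT", "LD_PRELOAD"
};
#define N_SCRUB_VARS (sizeof SCRUB_VARS / sizeof SCRUB_VARS[0])

/* Count environ entries of the exact form "name=...", duplicates included. */
static int env_entries_named(const char *name)
{
    size_t len = strlen(name);
    int hits = 0;
    for (char **e = environ; e != NULL && *e != NULL; e++)
        if (strncmp(*e, name, len) == 0 && (*e)[len] == '=')
            hits++;
    return hits;
}

/*
 * Hypothetical helper: remove each variable with unsetenv(3), then verify
 * by walking environ instead of trusting the return code alone.
 * Returns the number of entries that survived; 0 means nothing leaks.
 */
int scrub_environment(void)
{
    int leaked = 0;
    for (size_t i = 0; i < N_SCRUB_VARS; i++) {
        if (unsetenv(SCRUB_VARS[i]) != 0)
            perror(SCRUB_VARS[i]);
        leaked += env_entries_named(SCRUB_VARS[i]);
    }
    return leaked;
}

int main(void)
{
    /* Constructed sample values standing in for a real chroot_safe setup. */
    setenv("CHROOT_USER", "nobody", 1);
    setenv("CHROOT_ROOT", "/constructed/jail", 1);
    setenv("LD_PRELOAD", "/constructed/chroot_safe.so", 1);

    int leaked = scrub_environment();
    printf("entries still present after scrub: %d\n", leaked);
    return leaked == 0 ? 0 : 1;
}
```

The exact-match test on `name=` keeps an unrelated variable such as `CHROOT_USERNAME` from being counted as a leak.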
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2006-03-07 14:24:19 UTC
State Changed
From-To: open->feedback

Awaiting maintainer's feedback
Comment 2 Gabor Kovesdan 2006-03-07 14:27:18 UTC
Edwin Groothuis wrote:

>Maintainer of security/chroot_safe,
>
>Please note that PR ports/94170 has just been submitted.
>
>If it contains a patch for an upgrade, an enhancement or a bug fix
>you agree on, reply to this email stating that you approve the patch
>and a committer will take care of it.
>
>The full text of the PR can be found at:
>    http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/94170
>
I approve.

Thanks,

Gabor Kovesdan
Comment 3 Mark Linimon freebsd_committer freebsd_triage 2006-03-07 17:59:01 UTC
State Changed
From-To: feedback->open

Maintainer approved.
Comment 4 Stefan Walter freebsd_committer freebsd_triage 2006-05-16 15:36:50 UTC
Responsible Changed
From-To: freebsd-ports-bugs->stefan

Take.
Comment 5 Stefan Walter freebsd_committer freebsd_triage 2006-05-21 14:24:13 UTC
State Changed
From-To: open->closed

Committed, thanks!