Bug 94170
| Summary: | Port security/chroot_safe unintended environment leak (minor security flaw) | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Kenneth Vestergaard <kvs> | ||||
| Component: | Individual Port(s) | Assignee: | Stefan Walter <stefan> | ||||
| Status: | Closed FIXED | ||||||
| Severity: | Affects Only Me | CC: | kvs | ||||
| Priority: | Normal | ||||||
| Version: | Latest | ||||||
| Hardware: | Any | ||||||
| OS: | Any | ||||||
| Attachments: |
|
||||||
State Changed From-To: open->feedback Awaiting maintainers feedback Edwin Groothuis wrote: >Maintainer of security/chroot_safe, > >Please note that PR ports/94170 has just been submitted. > >If it contains a patch for an upgrade, an enhancement or a bug fix >you agree on, reply to this email stating that you approve the patch >and a committer will take care of it. > >The full text of the PR can be found at: > http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/94170 > > > I approve. Thanks, Gabor Kovesdan State Changed From-To: feedback->open Maintainer approved. Responsible Changed From-To: freebsd-ports-bugs->stefan Take. State Changed From-To: open->closed Committed, thanks! |
The putenv(3) library call doesn't unset environment variables on FreeBSD as it apparently does on Linux. The correct usage is unsetenv(3). This has the effect that CHROOT_USER, CHROOT_ROOT and LD_PRELOAD are leaked into the chroot'ed programs environment. Fix: Apply the following diff to the port's Makefile. It will replace the usage of putenv(3) with unsetenv(3). How-To-Repeat: Dump the environment after invoking something with chroot_safe.so preloaded.