Re: A few bugs...

From: Olaf Kirch (okirat_private)
Date: Mon Sep 20 1999 - 02:14:41 PDT


    On Fri, Sep 17, 1999 at 02:23:48PM -0500, Tymm Twillman wrote:
    > - Glibc 2.1.1:
    >
    >   o unsetenv() off-by-one error:
    >      The unsetenv function in glibc 2.1.1 suffers from a problem whereby
    >      when running through the environment variables, if the name of the
    >      variable being unset is present twice consecutively, the second is
    >      not destroyed.
    >
    >      unsetenv is sometimes used by programs that depend on it clearing out
    >      variables for protection against evil environment variables.
    
    In particular, by ld.so. While this hole doesn't affect setuid programs
    themselves, it means that programs run by the setuid application can be
    fooled into using the LD_* variables.
    
    Olaf
    --
    Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
    okirat_private  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
    okirat_private    +-------------------- Why Not?! -----------------------
             UNIX, n.: Spanish manufacturer of fire extinguishers.
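
The consecutive-duplicate behaviour described in the quoted report, as an added example that is not part of the original message and is not glibc's source. It runs a loop that skips the entry following a removed one, next to a corrected loop, over a constructed environment array; the function names and the sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Nonzero if entry has the form "name=..." */
static int is_var(const char *entry, const char *name, size_t len) {
    return strncmp(entry, name, len) == 0 && entry[len] == '=';
}

/* Flawed pattern: the tail is shifted down over the match, but the loop
   still advances, so the entry that slid into this slot is never tested. */
void scrub_skipping(char **env, const char *name) {
    size_t len = strlen(name);
    for (char **ep = env; *ep != NULL; ++ep)
        if (is_var(*ep, name, len)) {
            char **dp = ep;
            do { dp[0] = dp[1]; } while (*dp++ != NULL);
        }
}

/* Corrected pattern: advance only when nothing was removed. */
void scrub_all(char **env, const char *name) {
    size_t len = strlen(name);
    char **ep = env;
    while (*ep != NULL) {
        if (is_var(*ep, name, len)) {
            char **dp = ep;
            do { dp[0] = dp[1]; } while (*dp++ != NULL);
        } else {
            ++ep;
        }
    }
}

/* Run a scrubber over a constructed environment holding the same name
   twice in a row; return how many copies of that name remain. */
int survivors_after(void (*scrub)(char **, const char *)) {
    char *env[] = { "PATH=/bin", "LD_PRELOAD=first.so",
                    "LD_PRELOAD=second.so", "HOME=/root", NULL };
    int left = 0;
    scrub(env, "LD_PRELOAD");
    for (char **ep = env; *ep != NULL; ++ep)
        left += is_var(*ep, "LD_PRELOAD", strlen("LD_PRELOAD"));
    return left;
}

int main(void) {
    printf("skipping loop leaves %d\n", survivors_after(scrub_skipping));
    printf("corrected loop leaves %d\n", survivors_after(scrub_all));
    return 0;
}
```

A caller that must not pass a variable on to a child process can apply the same idea as a check: after scrubbing, walk the array once more and confirm no entry with that name remains.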
    


