[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ports/94170: Port security/chroot_safe unintended environment leak (minor security flaw)

To: FreeBSD-gnats-submit_(_at_)_FreeBSD_(_dot_)_org
Subject: ports/94170: Port security/chroot_safe unintended environment leak (minor security flaw)
From: Kenneth Vestergaard Schmidt <kvs_(_at_)_binarysolutions_(_dot_)_dk>
Date: Tue, 7 Mar 2006 15:17:15 +0100 (CET)
Cc: kvs_(_at_)_binarysolutions_(_dot_)_dk
Reply-to: Kenneth Vestergaard Schmidt <kvs_(_at_)_binarysolutions_(_dot_)_dk>
Resent-date: Tue, 7 Mar 2006 14:20:05 GMT
Resent-from: FreeBSD-gnats-submit_(_at_)_FreeBSD_(_dot_)_org (GNATS Filer)
Resent-message-id: <200603071420.k27EK56B032286@freefall.freebsd.org>
Resent-reply-to: FreeBSD-gnats-submit@FreeBSD.org, Kenneth Vestergaard Schmidt <kvs@binarysolutions.dk>
Resent-to: freebsd-ports-bugs_(_at_)_FreeBSD_(_dot_)_org

>Number:         94170
>Category:       ports
>Synopsis:       Port security/chroot_safe unintended environment leak (minor security flaw)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Mar 07 14:20:05 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Kenneth Vestergaard Schmidt
>Release:        FreeBSD 7.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD donkey.binarysolutions.dk 7.0-CURRENT FreeBSD 7.0-CURRENT #6: Fri Feb 3 01:17:43 CET 2006 root_(_at_)_donkey_(_dot_)_binarysolutions_(_dot_)_dk:/usr/obj/usr/src/sys/X30 i386

>Description:
        The putenv(3) library call doesn't unset environment variables on
        FreeBSD as it apparently does on Linux. The correct usage is unsetenv(3).
        This has the effect that CHROOT_USER, CHROOT_ROOT and LD_PRELOAD are leaked
        into the chroot'ed programs environment.
>How-To-Repeat:
        Dump the environment after invoking something with chroot_safe.so preloaded.
>Fix:
        Apply the following diff to the port's Makefile. It will replace the usage of
        putenv(3) with unsetenv(3).

--- Makefile.orig       Thu Mar  2 23:42:49 2006
+++ Makefile    Thu Mar  2 23:42:10 2006
@@ -25,5 +25,6 @@
                -e 's|-o chroot_safe.so|chroot_safe.cpp -o chroot_safe.so|' \
                ${WRKSRC}/Makefile.in
        ${REINPLACE_CMD} 's|chroot(1)|chroot(8)|' ${WRKSRC}/chroot_safe.1.in
+       ${REINPLACE_CMD} 's|putenv|unsetenv|' ${WRKSRC}/chroot_safe.cpp
 
 .include <bsd.port.mk>

>Release-Note:
>Audit-Trail:
>Unformatted:
_______________________________________________
freebsd-ports-bugs_(_at_)_freebsd_(_dot_)_org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs
To unsubscribe, send any mail to "freebsd-ports-bugs-unsubscribe_(_at_)_freebsd_(_dot_)_org"

Prev by Date: ports/94169: sysutils/rubygem-switchtower: move to sysutils/rubygem-capistrano
Next by Date: Re: ports/94169: sysutils/rubygem-switchtower: move to sysutils/rubygem-capistrano
Previous by thread: Re: ports/94169: sysutils/rubygem-switchtower: move to sysutils/rubygem-capistrano
Next by thread: Re: ports/94170: Port security/chroot_safe unintended environment leak (minor security flaw)
Index(es):
- Date
- Thread

Visit your host, monkey.org