On Tue, 1 Dec 2009, Robert Watson wrote:
On Mon, 30 Nov 2009, Colin Percival wrote:
*snip*
We've already had two major security issues arising out of getenv.c
in the past year, and I'd like to make sure we don't have a third.
I think it's fair to say that the POSIXization of the environment code
has been an unmitigated disaster, and speaks to the necessity for
careful review of those sorts of code changes.
As the author of the environment code, I agree that it has been a
painful process.
Interestingly, the security issue was a combination of r169661 to
rtld.c, which is a correct action, and the new environ code which was
developed, as opposed to committed, at the same time. Separately, the
security issue would not have existed.
Sean
--
s...@freebsd.org
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
