Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Dmitry Pryanishnikov (lynx.ripegmail.com)
Date: Fri Dec 04 2009 - 16:30:39 CST
> So it would be possible to set an
> variable which in this case is not UNSETABLE or SETABLE (unsetenv and
> respectively), in my eyes this is a bad behaviour of the enviroment handling
> introduced recently in FreeBSD.
Yes, this is a very dangerous situation when environmental variable can't
be unset yet can be read. I would only understand that if we supported
readonly variables. But officially we haven't them, yet virtually they can
exist due to the corrupted environment ;(
Generally speaking, IMHO, having destroying function that can fail is the
thing which should be avoided if possible. Imagine free() which could fail...
Sounds really weird, but current unsetenv() behaviour resembles that.
freebsd-securityfreebsd.org mailing list
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"