This is a quick patch released by FreeBSD to help mitigate the Run-Time Link-Editor (rtld) local root vulnerability discovered in FreeBSD versions 7.x and 8.x.
772589291c1122894af8f75f21e3eb44fa88092f8b5483a3a2cc241268593eed
Index: rtld.c
===================================================================
--- rtld.c (revision 199977)
+++ rtld.c (working copy)
@@ -366,12 +366,12 @@
* future processes to honor the potentially un-safe variables.
*/
if (!trust) {
- unsetenv(LD_ "PRELOAD");
- unsetenv(LD_ "LIBMAP");
- unsetenv(LD_ "LIBRARY_PATH");
- unsetenv(LD_ "LIBMAP_DISABLE");
- unsetenv(LD_ "DEBUG");
- unsetenv(LD_ "ELF_HINTS_PATH");
+ if (unsetenv(LD_ "PRELOAD") || unsetenv(LD_ "LIBMAP") ||
+ unsetenv(LD_ "LIBRARY_PATH") || unsetenv(LD_ "LIBMAP_DISABLE") ||
+ unsetenv(LD_ "DEBUG") || unsetenv(LD_ "ELF_HINTS_PATH")) {
+ _rtld_error("environment corrupt; aborting");
+ die();
+ }
}
ld_debug = getenv(LD_ "DEBUG");
libmap_disable = getenv(LD_ "LIBMAP_DISABLE") != NULL;