FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Improper environment sanitization in rtld(1)

Affected packages
7.1 < FreeBSD < 7.1_9
7.2 < FreeBSD < 7.2_5
8.0 < FreeBSD < 8.0_1

Details

VuXML ID ad08d14b-ca3d-11df-aade-0050568f000c
Discovery 2009-12-03
Entry 2010-10-24

Problem Description:

When running setuid programs, rtld will normally remove potentially dangerous environment variables. Due to recent changes in FreeBSD environment variable handling code, a corrupt environment may cause attempts to unset environment variables to fail.
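The failure mode described above, as an added example (not FreeBSD's rtld code and not taken from the advisory): a sanitizer for a privileged program that treats a malformed environment as fatal instead of continuing after a removal that could not be done. The function names, the `LD_` prefix rule and the sample environments are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: loader-controlling variables share this prefix. */
#define DANGEROUS_PREFIX "LD_"

/* Constructed sample environments (not taken from the advisory). */
static char *sample_clean[] = { "PATH=/bin", "LD_PRELOAD=/sample/lib.so", "HOME=/root", NULL };
static char *sample_corrupt[] = { "PATH=/bin", "no-equals-sign", "LD_PRELOAD=/sample/lib.so", NULL };

/* A well-formed entry is NAME=value with a non-empty NAME. */
static int env_entry_ok(const char *e)
{
    const char *eq = strchr(e, '=');
    return eq != NULL && eq != e;
}

/*
 * Scrub a NULL-terminated environment vector in place.
 * Returns the number of entries removed, or -1 if any entry is malformed.
 * On -1 the vector is emptied so nothing unsanitized is left behind.
 */
int scrub_env(char **envp)
{
    char **in, **out;
    int removed = 0;

    for (in = envp; *in != NULL; in++) {
        if (!env_entry_ok(*in)) {
            envp[0] = NULL;     /* fail closed */
            return -1;
        }
    }
    for (in = out = envp; *in != NULL; in++) {
        if (strncmp(*in, DANGEROUS_PREFIX, strlen(DANGEROUS_PREFIX)) == 0)
            removed++;          /* drop: do not copy forward */
        else
            *out++ = *in;
    }
    *out = NULL;
    return removed;
}

int main(void)
{
    printf("clean:   %d removed\n", scrub_env(sample_clean));
    printf("corrupt: %d (caller must abort)\n", scrub_env(sample_corrupt));
    return 0;
}
```

A caller that receives -1 should exit before loading anything, since the result of the sanitization step can no longer be trusted.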

References

FreeBSD Advisory SA-09:16.rtld