Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!munnari.OZ.AU!spool.mu.edu!howland.reston.ans.net!blackbush.xlink.net!zib-berlin.de!news.tu-chemnitz.de!irz401!uriah.heep!news
From: j@uriah.heep.sax.de (J Wunsch)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: FreeBSD Security Patches
Date: 19 Dec 1995 23:09:12 GMT
Organization: Private BSD site, Dresden
Lines: 65
Message-ID: <4b7gmo$6bu@uriah.heep.sax.de>
References: <4akmp6$ql7@orca.osg.gov.bc.ca>
Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
NNTP-Posting-Host: localhost.heep.sax.de
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Newsreader: knews 0.9.3
cschuber@passer.osg.gov.bc.ca (Cy Schubert - BCSC Open Systems Group) writes:
> I'm a recent convert to FreeBSD (from Linux). I haven't been able to get my
> hands on a 2.1 CDROM yet, however I did get a copy of 2.0.5. Are there any
> security patches for 2.0.5R, specifically the syslog() patch and the telnetd
> patch?
I think the syslogd one wasn't a very simple patch. Anyway, here's
the telnetd fix:
Index: libexec/telnetd/sys_term.c
===================================================================
RCS file: /home/cvs/src/libexec/telnetd/sys_term.c,v
retrieving revision 1.9
retrieving revision 1.12
diff -u -r1.9 -r1.12
--- sys_term.c 1995/09/06 02:03:34 1.9
+++ sys_term.c 1995/10/24 06:50:45 1.12
@@ -1555,6 +1555,8 @@
fatal(net, "makeutx failed");
#endif
+ scrub_env();
+
/*
* -h : pass on name of host.
* WARNING: -h is accepted by login if and only if
@@ -1766,6 +1768,31 @@
return(argv);
}
#endif /* NEWINIT */
+
+/*
+ * scrub_env()
+ *
+ * Remove a few things from the environment that
+ * don't need to be there.
+ */
+scrub_env()
+{
+ register char **cpp, **cpp2;
+
+ for (cpp2 = cpp = environ; *cpp; cpp++) {
+#ifdef __FreeBSD__
+ if (strncmp(*cpp, "LD_LIBRARY_PATH=", 16) &&
+ strncmp(*cpp, "LD_PRELOAD=", 11) &&
+#else
+ if (strncmp(*cpp, "LD_", 3) &&
+ strncmp(*cpp, "_RLD_", 5) &&
+ strncmp(*cpp, "LIBPATH=", 8) &&
+#endif
+ strncmp(*cpp, "IFS=", 4))
+ *cpp2++ = *cpp;
+ }
+ *cpp2 = 0;
+}
/*
* cleanup()
--
cheers, J"org
joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)