From f349fbc4a6783e796c88d6b7e710ad6755346866 Mon Sep 17 00:00:00 2001
From: Colin Percival <cperciva@FreeBSD.org>
Date: Tue, 1 Dec 2009 02:57:06 +0000
Subject: Fix local root vulnerability.

Security:	Advisory will be coming soon.
X-MFC-After:	30 seconds
---
 libexec/rtld-elf/rtld.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'libexec')

diff --git a/libexec/rtld-elf/rtld.c b/libexec/rtld-elf/rtld.c
index bffae60d573c1..cab8c87d86f50 100644
--- a/libexec/rtld-elf/rtld.c
+++ b/libexec/rtld-elf/rtld.c
@@ -366,12 +366,12 @@ _rtld(Elf_Addr *sp, func_ptr_type *exit_proc, Obj_Entry **objp)
      * future processes to honor the potentially un-safe variables.
      */
     if (!trust) {
-        unsetenv(LD_ "PRELOAD");
-        unsetenv(LD_ "LIBMAP");
-        unsetenv(LD_ "LIBRARY_PATH");
-        unsetenv(LD_ "LIBMAP_DISABLE");
-        unsetenv(LD_ "DEBUG");
-        unsetenv(LD_ "ELF_HINTS_PATH");
+        if (unsetenv(LD_ "PRELOAD") || unsetenv(LD_ "LIBMAP") ||
+	    unsetenv(LD_ "LIBRARY_PATH") || unsetenv(LD_ "LIBMAP_DISABLE") ||
+	    unsetenv(LD_ "DEBUG") || unsetenv(LD_ "ELF_HINTS_PATH")) {
+		_rtld_error("environment corrupt; aborting");
+		die();
+	}
     }
     ld_debug = getenv(LD_ "DEBUG");
     libmap_disable = getenv(LD_ "LIBMAP_DISABLE") != NULL;
-- 
cgit v1.3